9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8

Analysis

max time kernel
67s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08/03/2023, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_2.0.2_setup.exe
Size

2.8MB
MD5

7ce7d260acfddf2dbc0286c1493560b2
SHA1

882b4d50de925a5411b83b47a1dbbd478490131c
SHA256

9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8
SHA512

66ec91c9ee568342410e2b84b475b60190dcb31a8bb11b9999c81eefc43418b91dfb5822649d43c4376dbd8d804b3693d05decd30fb0035e190953d445035fcf
SSDEEP

49152:F5eZSM1m5dOO/VtzVrwHUR0QpGrfkrQdYhCl/EllK8g3pOkTQ26:YA9V9NHFpIfyQdzVK48AOkTQD

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1780	AutoHotkeyUX.exe
1388	AutoHotkeyUX.exe
1392	AutoHotkeyUX.exe
1484	AutoHotkeyUX.exe

Loads dropped DLL 18 IoCs

pid	Process
1804	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1688	AutoHotkey_2.0.2_setup.exe
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1480	explorer.exe
1480	explorer.exe
1480	explorer.exe
1480	explorer.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-54-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1352-55-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1804-57-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1804-210-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1804-212-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1804-248-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1640-249-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1640-250-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1688-251-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1688-570-0x0000000000400000-0x000000000092B000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	AutoHotkey_2.0.2_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCX1B3F.tmp	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-editor.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-ahk2exe.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\config.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey.chm	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify_regex.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\spy.ico	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\README.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-setup.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey32.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-version.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-editor.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\WindowSpy.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\launcher-common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\ShellRun.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\launcher.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\spy.ico	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-uninstall.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\README.txt	AutoHotkey_2.0.2_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-dash.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\ui-base.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey64.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\license.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\Install.cmd	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\launcher.ahk	AutoHotkey_2.0.2_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /Launch \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\PersistentHandler\ = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\ = "Open runas UIAccess Edit"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe,1"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\ = "Run with UI access"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Open\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\.ahk\ = "AutoHotkeyScript"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Edit\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\ui-editor.ahk\" \"%1\""	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 80003100000000006856155f1100444f43554d457e310000680008000400efbe545671a76856155f2a000000e90100000000020000000000000000003e000000000044006f00630075006d0065006e0074007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370037003000000018000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\.ahk\ShellNew	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Open\FriendlyAppName = "AutoHotkey Launcher"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Launch\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Open\Command	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\ = "Run script"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Open\ = "Run script"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.2_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\ShellNew	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\DefaultIcon	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\.ahk\PersistentHandler	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkey_2.0.2_setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\367EB58F7D6A9442050387515C3E99AE172607CF	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\367EB58F7D6A9442050387515C3E99AE172607CF\Blob = 030000000100000014000000367eb58f7d6a9442050387515c3e99ae172607cf0200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000b1010000308201ad30820116a00302010202107e2bcdcd72f0a195426611c757ce035e300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b6579301e170d3233303330383131353535375a170d3333303330383131353535375a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100d9d9469c7ca3299cfaa660414b03bb3a95986c21a2c393f8810c992738275b4083ce8cd76c8dbbc146873b582d241024c74c8e2ff5a6cfe1e8a7fccf5ad807899ba7038b36464a2d3f35cd92a4e32fd7316c859048fabde57887aafe5bc671a33cd3651a1110e36c1cf1c17e635fa1c9ae3513cbbe7f555ad9aa828b23cc10ed0203010001300d06092a864886f70d010105050003818100091570b7e851f2fa02e840deadd475fafb17bb1605c6e1f932d0a89cbadaa696b16ee8048b7c6a6271108575a25e1a50901616d3e30aff516811e8e30af751d1380c4fb784aa4f072328ce66e28bcea6d37a344eeac7048ff8a016a12356395d9bb5a14b767697848205fb3a924f3a8ebe29a9af6da8b1442daa4fcdab783f0f	AutoHotkey_2.0.2_setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
284	chrome.exe
284	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1352	AutoHotkey_2.0.2_setup.exe
1640	AutoHotkey_2.0.2_setup.exe
1388	AutoHotkeyUX.exe
1392	AutoHotkeyUX.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 35	1688	AutoHotkey_2.0.2_setup.exe
Token: SeShutdownPrivilege	284	chrome.exe
Token: SeShutdownPrivilege	284	chrome.exe
Token: SeShutdownPrivilege	284	chrome.exe
Token: SeShutdownPrivilege	284	chrome.exe
Token: SeShutdownPrivilege	284	chrome.exe
Token: SeShutdownPrivilege	284	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
1780	AutoHotkeyUX.exe
1780	AutoHotkeyUX.exe
1388	AutoHotkeyUX.exe
1392	AutoHotkeyUX.exe
1484	AutoHotkeyUX.exe
1484	AutoHotkeyUX.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
1780	AutoHotkeyUX.exe
1780	AutoHotkeyUX.exe
1484	AutoHotkeyUX.exe
1484	AutoHotkeyUX.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe
284	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1392	AutoHotkeyUX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1352 wrote to memory of 1804	1352	AutoHotkey_2.0.2_setup.exe	28
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1804 wrote to memory of 1640	1804	AutoHotkey_2.0.2_setup.exe	30
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1640 wrote to memory of 1688	1640	AutoHotkey_2.0.2_setup.exe	31
PID 1688 wrote to memory of 1780	1688	AutoHotkey_2.0.2_setup.exe	32
PID 1688 wrote to memory of 1780	1688	AutoHotkey_2.0.2_setup.exe	32
PID 1688 wrote to memory of 1780	1688	AutoHotkey_2.0.2_setup.exe	32
PID 1688 wrote to memory of 1780	1688	AutoHotkey_2.0.2_setup.exe	32
PID 1388 wrote to memory of 1392	1388	AutoHotkeyUX.exe	35
PID 1388 wrote to memory of 1392	1388	AutoHotkeyUX.exe	35
PID 1388 wrote to memory of 1392	1388	AutoHotkeyUX.exe	35
PID 1388 wrote to memory of 1484	1388	AutoHotkeyUX.exe	36
PID 1388 wrote to memory of 1484	1388	AutoHotkeyUX.exe	36
PID 1388 wrote to memory of 1484	1388	AutoHotkeyUX.exe	36
PID 1388 wrote to memory of 1768	1388	AutoHotkeyUX.exe	37
PID 1388 wrote to memory of 1768	1388	AutoHotkeyUX.exe	37
PID 1388 wrote to memory of 1768	1388	AutoHotkeyUX.exe	37
PID 284 wrote to memory of 1376	284	chrome.exe	41
PID 284 wrote to memory of 1376	284	chrome.exe	41
PID 284 wrote to memory of 1376	284	chrome.exe	41
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43
PID 284 wrote to memory of 764	284	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
  "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe" /to "C:\Program Files\AutoHotkey"
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe" /restart /script "*#1"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe" /to "C:\Users\Admin\AppData\Local\Programs\AutoHotkey" /user
      4⤵
      Loads dropped DLL
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1688
    - - C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
        
        "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\reset-assoc.ahk" /check
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1780

C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" /script WindowSpy.ahk
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1392
- C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" /script "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\install-ahk2exe.ahk"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1484
- C:\Windows\explorer.exe
  explorer /select,"C:\Users\Admin\Documents\AutoHotkey\Untitled.ahk"
  2⤵
  PID:1768

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6849758,0x7fef6849768,0x7fef6849778
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:2
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1992 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2224 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2084 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4164 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3952 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3104 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3008 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4272 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4180 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4780 --field-trial-handle=1244,i,6642681766639672415,8787382983059987344,131072 /prefetch:1
  2⤵
  PID:1644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey64.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe

Filesize
955KB

MD5
756e244fdf729022c26f2de05c4a7249

SHA1
e0f8658e1e0e8b0f39809a45d8f6db14af707dae

SHA256
528ac75827d90533ff0ce9da73ba20a67161ff391c239d1f5eda4c17dc5b6978

SHA512
80a818775c8f01ac9968c157d7f6773fa34d3064e86aa8109a05f19a8da8ebf8dfb112cda12bfe3bb8648f063c64b99389ef049c19e6b96f77e01241eba56724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
418f8cf67e48b72de68958b3ad6d64b4

SHA1
465d7066761429ff2406edd97a40ccf60aeb5066

SHA256
804465504ed1b7cd451d84b1400fef6d59203af28c82436abcf7e5b260b6c46e

SHA512
3078374591299f0ac9df7e676e17f1168b80e0243826f8689843bae06b41087936189fb5e55b49c59c66a1c2163385dcb10b7eb8f7199c264e311a51d2be9fb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f8dcb7412db75b572f7552d5b0cd76d

SHA1
a8487f3919492a83255be46bc57418191d223ec8

SHA256
b9fa2a5618322f9bfd8bcb9c7cb2a68d3cee7772961327dead53775de762f35c

SHA512
b5baa844772280c5cdcfe36bc077b485d3d62fc01ef3d72ce476fb2aefec40cb3128a915cf937f0e489c2614659a9ba2aba230c968009df3fd11fe2cc86ccd44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a32a1e5982f42c062040a9cf1fc3e7c

SHA1
fc3cb26b7bf1efb0063b8df4b294e4395c88debb

SHA256
58cffffc8d51d98addbb6f54366a40ef7ebc66bca658a0bb1b04b97cdfa728f1

SHA512
4c94f2f9d626cd92ab584e19d0b8f27d23acb89fa3a36e29e9ec3137673c7c5a05b15d652e04a0292f177c704c905b89d894225e70c054a3c52f2ea9335b7e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e1095a116e319b148c819cac1e562aa

SHA1
10ac65a91a0ab479179d668d29cc73b7a003690d

SHA256
95f2e0f56c719dbfdbdefc85099a1a9588b1ea959e42cb0d6beb5a780e352d60

SHA512
a7b212701527a9d3a06c7e75eac8a8d2c8b132e80462d57d6ca0dd7a4ab73b035c7b884608383b97df3e879d00f86318e53a170bdfe5a2ca935c5fa18c73d92f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd740c8bc4a63ef0022a0d946594f18

SHA1
fae3edabe4b198e7c9c0a30af223483ef95fe66c

SHA256
717fffd34d0da2f832cee6f92fda897fd81ac420ff316b7d288a931a1bea6eeb

SHA512
2b0e24d6d405e7154860cb6144790e1458ada62d536e46202cb30ef402fac9acb73ce9329245ae6a9017eafe2c95913b0581d9b516f287f02d93106fa016b116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ebb8047-0a05-4c36-9b3f-61c1bc37f19d.tmp

Filesize
4KB

MD5
3fb5f1f5b9000ea1f81fed5cc7e247fd

SHA1
e2fcbc1fd335e30a4bc933a1fa45215bcb5d9b88

SHA256
cdce40fb0aaf79c7caef9773f1c9fc6e2e3e1062ca97858125644fa9da051e83

SHA512
a2dc987c946a250387647336057fed87c8c3c4df5b07854b58abc5b93588b888f4fb96b116e5cf5dba93935e61b392db42e0e522c68e12f629b819912b575c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
6526211e197a5d3758fe04858f4f06c0

SHA1
73c8a08d65ddff563f1942f8491d41a39f9ed8c9

SHA256
cc45696e95ce05112dc9a09ad5b1297ff7c3f4cd2b645157fcd6052919b17c34

SHA512
c439517473f6a64c3f2a3906c0c3faa5e1a5e745d005786a081f2c1419fbc67f4205b00eaf47c41ee7840ce856fb402bca5fb2155cdcb5b1cd9b64f50626ca34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
866f5701620fdcf24163f91b7e1ff7e9

SHA1
17860631d36723a1e882c16aec52dfe29effa6c5

SHA256
b9194b3db8888f3d6b8e33591df0e339955bf2cf2c90363b54d420b6e97f5823

SHA512
c25e414f1816e3dff222d9a75d906bde5fe2bfa1bab6a31946bf584ea561a5b6c1532df21657de2b25025cce6d1444204f6549c2a379be8755b23ec61e3b0d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
02213179f1fca0e97fe730bf55a0342d

SHA1
f70ae6ce3edfb758e406fe041338b7004d606d16

SHA256
c1215e9cfea951a270389b29f5e6bddbc85100b1042c345667554241f3c115df

SHA512
4e97efc731f8fbd14a0ddb94bcb66093add21180a22d741c48c2d24507e772d7e5e5a14c189743e4e84356ca64c5e666503ac76033373eeb16ca3e9465d87f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1dc58ab42c55cba0d1376f0fd19cc440

SHA1
3cb141192277c3918cf24bdc3dff30d4c6bfc355

SHA256
4ceb22a981a0653bad1cfb46c2d4d407ec3416676bb09f38c5004cd26990ef31

SHA512
9b2c96e97dd60e53f7564f35839806ac6cf5ab2043c7a08ffc8a1b044a637827279c2ea2ae1b0702da6c01505d4f97c8cda3d18db9c9ff46cf6f692b71bf65b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey.chm

Filesize
1.8MB

MD5
d7ec8fe26d26746b74f244026dc70152

SHA1
492da9985534e55020d7529591d5cfbe59300555

SHA256
3adcde4562651b37751e8ad1cfbac13a09dcc1e923ac42c17d86ba395f0a1e0a

SHA512
515b9fc07d4b755c0711bd251f3bcd335d58903bc1d4a1e5c544965e951a8548317ed42e7b9ac0ecf7d5966e879f4f42b677ea0d716fb1524d7984588cf704e4

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\WindowSpy.ahk

Filesize
7KB

MD5
765cc539c9eb2b35b5e2784eb8b68695

SHA1
974550dc0fa38a188632f352480d9238be35fc60

SHA256
5915dca20f564240b4e7952bd82abc3fa87561d556b991cf4160dd8fb260a2bf

SHA512
0b2338ff21f5d9219e1c49d33f16d2923e65ff8bdd8b52b65e07f2d45501e072359cc08d903bcb5258bc758e087d073ac8a19c5e98328b737332b8389a4c8701

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\EnableUIAccess.ahk

Filesize
8KB

MD5
a3e0ea84c0e5d1cc8681ddb3740ea3e5

SHA1
bcb0e44c9bfa6d16d381bed7f17f959a9423d39c

SHA256
080a03ab1bd80607297cddd34b26decaa92a91f45a43798a3f485d8d771e3c0f

SHA512
74c80a5903a556b74f936a91697a8b5f92e449c6530dfdb0b966e880db9a2d8d0d5099c52e08d0cdbddd4043b8611d11c9162d59dd6a6a59250f7827dd66a4a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\README.txt

Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify.ahk

Filesize
994B

MD5
c4f4b01aac51b0d52243a3c6b508273f

SHA1
5c82eb24a0b64e157c5ad93c704a392998f061c6

SHA256
e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

SHA512
7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
56b3cbe632d3bc9eca60cc289e9f99fb

SHA1
4226d0206445284efbf85865853ea80ca4672ff6

SHA256
b8464a27f37c3ae0753d16be5b6114c272b767e42b56b7e8ba06c6284cb4fc8f

SHA512
5cf62bf2410a575d6ebc601d0bd98602da1599f09b553bad56df5e8aea8d42030bb4d7f553bcc5fae9d460848ac6f84ffcf5e70bd0728df849084ed32bb7ce03

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
696750c1861231d07ff4548ad4360dc8

SHA1
eb4b90b17aadf7b1ccdc484840b5500494c4a787

SHA256
f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

SHA512
5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-version.ahk

Filesize
4KB

MD5
6f86c34ca7092ae85acc35f6cdd9b584

SHA1
90f3f211e2280b33f28bb962537d6b1470f67a95

SHA256
18639f9d4d61520bc76b7e72d749114f165970705a0419a9b10cb658dde8aab0

SHA512
7f7c86ae891d827870daf12d0c9dec97e1cd1ee28d9d583349fd1fda31ec6399ca52ee0bcdbb59badd951ca263685648aa31932102ec302054fec0be18bbd30d

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install.ahk

Filesize
38KB

MD5
c7fe49395bde333ec9f4e16cd81fc748

SHA1
5e5b5be21e1d70fc0dd6a968372e249b6bc09b8f

SHA256
c6876cd56267d4275b229ef011957443232c730ac3edf5caf41a678f70f362a4

SHA512
462db3d319ccafec93f64f161cc461e270a9d72320d98193393c3b75e4aa54abba49a53ae7be749e82fcc84070e42d68375fd4a35b58c531acdfa5c58cf61818

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\launcher.ahk

Filesize
14KB

MD5
96c2556250d7040a09e4fbf7b7880eab

SHA1
1f9aeae79349ad311f283bb039d30d4d489e133c

SHA256
098a167d6c949cd530a5c0a70f10499137cfd3947761f4bda1bb11fb7412093d

SHA512
cdd373ab7697f7d3fc83638a652fa64f2e6bbb1eda744c58fc16c0178e4c67afec55bb0802e8c90e89a1d11cb276fb78d03af0df291ec4545ccf3e6afc5014f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reload-v1.ahk

Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reset-assoc.ahk

Filesize
1KB

MD5
40daa2aff3aa10f66f7e2c30f57481ec

SHA1
f2973e3c431919a74b174d93dbf069f988efebd9

SHA256
1d4798dbf51177acf72fdb35120bb9221d95db7249725b3d93d8298f4e38b2c1

SHA512
bf8d80b3d98b8f0c195871670a99d751f91f9e0601d9816812129a14c887fec8d21df10cf5bc74ebc7bebe81d8e2e0a922e9d2775d742d371457e9f07b425c55

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-editor.ahk

Filesize
8KB

MD5
180dd58400f62dc7edfa6ba435c408ae

SHA1
52c9b9fb423f3b01b86fb78db00ba26d5f90f36b

SHA256
6412208a31f7ca00e375760e4d32f41f9f8d13f398422d45c700e413cf9c05e6

SHA512
d4895399ed10886ae805e48673787933bf9812b1fe14e575f62f56f90ff8b0d95611297af95e8c899a21787baf688bab2c6e21ca78450543616c2b8ec6f06ee5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-launcherconfig.ahk

Filesize
7KB

MD5
b0cb2a02429abfaa728f704d622946c5

SHA1
8f5df7cacaabee35f192864412488e46bc4deff6

SHA256
2c7d6f58cdcf3eb10734d68c20a6951f276592e738c7d025a95eafcd9111e658

SHA512
51a2b6f421db431d7a71b77531d74fd12f1d9cb2d24719c0b043ae8b0a79c23140d38bc0127d63a99455b0de0c135d53f347637087b27f5919f4868926ca2824

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-newscript.ahk

Filesize
10KB

MD5
934681c007b629a500316517a7827300

SHA1
fe60c73e2bd467ca1ed164552644843a4363b477

SHA256
be7316a2dc06800291f17411c00e6e0a4576879ccc8be1fadafbc1cca9fd133e

SHA512
2a11ff735bf1f8499220986a43dd41c73ace354fa744f17df7d74d6579e444c3e023f5a69f20cd0579faf250878b3b010f289f37fff376adc8118b913fe18654

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-setup.ahk

Filesize
7KB

MD5
bae998e735cbd60d3d77b6d409e1f1d8

SHA1
0313ae245bc925771c173138a679861a49f2371f

SHA256
ffcfa20f51973a33143a06ddd5dc47e3062914759ada7cc5837cb2e94bc8baf3

SHA512
08548497679b56f21867b1afd7ebc4651fc5579d42bf6628b74d374eae69c5da43c518f138e8918fad4808baad7c44911cf0347d205108de2c83d25c28f94c30

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-uninstall.ahk

Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\license.txt

Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\WindowSpy.ahk

Filesize
7KB

MD5
765cc539c9eb2b35b5e2784eb8b68695

SHA1
974550dc0fa38a188632f352480d9238be35fc60

SHA256
5915dca20f564240b4e7952bd82abc3fa87561d556b991cf4160dd8fb260a2bf

SHA512
0b2338ff21f5d9219e1c49d33f16d2923e65ff8bdd8b52b65e07f2d45501e072359cc08d903bcb5258bc758e087d073ac8a19c5e98328b737332b8389a4c8701

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\EnableUIAccess.ahk

Filesize
8KB

MD5
a3e0ea84c0e5d1cc8681ddb3740ea3e5

SHA1
bcb0e44c9bfa6d16d381bed7f17f959a9423d39c

SHA256
080a03ab1bd80607297cddd34b26decaa92a91f45a43798a3f485d8d771e3c0f

SHA512
74c80a5903a556b74f936a91697a8b5f92e449c6530dfdb0b966e880db9a2d8d0d5099c52e08d0cdbddd4043b8611d11c9162d59dd6a6a59250f7827dd66a4a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\identify.ahk

Filesize
994B

MD5
c4f4b01aac51b0d52243a3c6b508273f

SHA1
5c82eb24a0b64e157c5ad93c704a392998f061c6

SHA256
e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

SHA512
7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
56b3cbe632d3bc9eca60cc289e9f99fb

SHA1
4226d0206445284efbf85865853ea80ca4672ff6

SHA256
b8464a27f37c3ae0753d16be5b6114c272b767e42b56b7e8ba06c6284cb4fc8f

SHA512
5cf62bf2410a575d6ebc601d0bd98602da1599f09b553bad56df5e8aea8d42030bb4d7f553bcc5fae9d460848ac6f84ffcf5e70bd0728df849084ed32bb7ce03

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
696750c1861231d07ff4548ad4360dc8

SHA1
eb4b90b17aadf7b1ccdc484840b5500494c4a787

SHA256
f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

SHA512
5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\install.ahk

Filesize
38KB

MD5
c7fe49395bde333ec9f4e16cd81fc748

SHA1
5e5b5be21e1d70fc0dd6a968372e249b6bc09b8f

SHA256
c6876cd56267d4275b229ef011957443232c730ac3edf5caf41a678f70f362a4

SHA512
462db3d319ccafec93f64f161cc461e270a9d72320d98193393c3b75e4aa54abba49a53ae7be749e82fcc84070e42d68375fd4a35b58c531acdfa5c58cf61818

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\launcher.ahk

Filesize
14KB

MD5
96c2556250d7040a09e4fbf7b7880eab

SHA1
1f9aeae79349ad311f283bb039d30d4d489e133c

SHA256
098a167d6c949cd530a5c0a70f10499137cfd3947761f4bda1bb11fb7412093d

SHA512
cdd373ab7697f7d3fc83638a652fa64f2e6bbb1eda744c58fc16c0178e4c67afec55bb0802e8c90e89a1d11cb276fb78d03af0df291ec4545ccf3e6afc5014f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\reset-assoc.ahk

Filesize
1KB

MD5
40daa2aff3aa10f66f7e2c30f57481ec

SHA1
f2973e3c431919a74b174d93dbf069f988efebd9

SHA256
1d4798dbf51177acf72fdb35120bb9221d95db7249725b3d93d8298f4e38b2c1

SHA512
bf8d80b3d98b8f0c195871670a99d751f91f9e0601d9816812129a14c887fec8d21df10cf5bc74ebc7bebe81d8e2e0a922e9d2775d742d371457e9f07b425c55

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-editor.ahk

Filesize
8KB

MD5
180dd58400f62dc7edfa6ba435c408ae

SHA1
52c9b9fb423f3b01b86fb78db00ba26d5f90f36b

SHA256
6412208a31f7ca00e375760e4d32f41f9f8d13f398422d45c700e413cf9c05e6

SHA512
d4895399ed10886ae805e48673787933bf9812b1fe14e575f62f56f90ff8b0d95611297af95e8c899a21787baf688bab2c6e21ca78450543616c2b8ec6f06ee5

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-launcherconfig.ahk

Filesize
7KB

MD5
b0cb2a02429abfaa728f704d622946c5

SHA1
8f5df7cacaabee35f192864412488e46bc4deff6

SHA256
2c7d6f58cdcf3eb10734d68c20a6951f276592e738c7d025a95eafcd9111e658

SHA512
51a2b6f421db431d7a71b77531d74fd12f1d9cb2d24719c0b043ae8b0a79c23140d38bc0127d63a99455b0de0c135d53f347637087b27f5919f4868926ca2824

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-newscript.ahk

Filesize
10KB

MD5
934681c007b629a500316517a7827300

SHA1
fe60c73e2bd467ca1ed164552644843a4363b477

SHA256
be7316a2dc06800291f17411c00e6e0a4576879ccc8be1fadafbc1cca9fd133e

SHA512
2a11ff735bf1f8499220986a43dd41c73ace354fa744f17df7d74d6579e444c3e023f5a69f20cd0579faf250878b3b010f289f37fff376adc8118b913fe18654

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\WindowSpy.ahk

Filesize
159B

MD5
e5918a52b52ca3ce2e99788a26477984

SHA1
87c2b54b65663e1e29e866224faeed7e8bac759b

SHA256
c1908cfc4b224b3bc8d1a5c67cfe4acdb4e738d8acf98560905afc412981c18b

SHA512
4f320cbea5adfed4b07012e04281e8713689271932b26d3886e3519389b15e2adadb87217c5bf09b080d3db976c77accf555493b7eab5ceb45bc59131772f8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab96D6.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AA4.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

Filesize
2KB

MD5
b9153a16d80dcdeba15f490b22efa899

SHA1
7b63c1603b1cd3410d31e559ba1d1289a0aab4f8

SHA256
f7197b9f84ed1fc9bf2ab17cc95d58fd5bd470156c67db27748deb5165fbc078

SHA512
d7c2ad531490c673bdc6c5fd2dccf5e07b920c8c95b7d5a925e89e77a186a6963cea7fcee65440d2afc009227d3c5f6d6048423313d55570fd877bc9e642cc23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey.lnk

Filesize
1KB

MD5
b954c650a81256a31224d132b7cda6c4

SHA1
93e7e73e91cb93b11b5bea5bf60716d156af170f

SHA256
a4b8958a04661537a08ad2fb3dc2f6e131add62069fae7b6c47079b4f543f40c

SHA512
65ec2975ec1e4776eb8eab1c7662b213c21ba60b1fed88e134523be26b9e93980329b8cb7724c5626f944aee9b09b69435e6e2836d7cff52b35a2f7ef2706c31

Download Submit
C:\Users\Admin\Documents\AutoHotkey\Untitled.ahk

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
\??\c:\users\admin\appdata\local\programs\autohotkey\ux\autohotkeyux.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe

Filesize
955KB

MD5
756e244fdf729022c26f2de05c4a7249

SHA1
e0f8658e1e0e8b0f39809a45d8f6db14af707dae

SHA256
528ac75827d90533ff0ce9da73ba20a67161ff391c239d1f5eda4c17dc5b6978

SHA512
80a818775c8f01ac9968c157d7f6773fa34d3064e86aa8109a05f19a8da8ebf8dfb112cda12bfe3bb8648f063c64b99389ef049c19e6b96f77e01241eba56724

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey32.exe

Filesize
955KB

MD5
756e244fdf729022c26f2de05c4a7249

SHA1
e0f8658e1e0e8b0f39809a45d8f6db14af707dae

SHA256
528ac75827d90533ff0ce9da73ba20a67161ff391c239d1f5eda4c17dc5b6978

SHA512
80a818775c8f01ac9968c157d7f6773fa34d3064e86aa8109a05f19a8da8ebf8dfb112cda12bfe3bb8648f063c64b99389ef049c19e6b96f77e01241eba56724

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey32.exe

Filesize
955KB

MD5
756e244fdf729022c26f2de05c4a7249

SHA1
e0f8658e1e0e8b0f39809a45d8f6db14af707dae

SHA256
528ac75827d90533ff0ce9da73ba20a67161ff391c239d1f5eda4c17dc5b6978

SHA512
80a818775c8f01ac9968c157d7f6773fa34d3064e86aa8109a05f19a8da8ebf8dfb112cda12bfe3bb8648f063c64b99389ef049c19e6b96f77e01241eba56724

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
memory/764-600-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1148-689-0x0000000077540000-0x0000000077541000-memory.dmp

Filesize
4KB

Download
memory/1352-56-0x0000000003980000-0x0000000003EAB000-memory.dmp

Filesize
5.2MB

Download
memory/1352-55-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1352-54-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1480-597-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/1480-735-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/1480-590-0x0000000003740000-0x0000000003750000-memory.dmp

Filesize
64KB

Download
memory/1640-250-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1640-249-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1688-251-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1688-570-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1804-248-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1804-212-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1804-210-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1804-57-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download