Analysis

  • max time kernel
    142s
  • max time network
    202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 18:48

General

  • Target

    AutoHotkey_2.0.10_setup.exe

  • Size

    2.8MB

  • MD5

    1863183be995c815c89fddd3e58f39a2

  • SHA1

    4d1fc2697a388817da24aa4197569ceac45589e9

  • SHA256

    2cd1b00947abe2df2cba3997d7bdd5a9043ebe598987f0e9cade0aceb73f9edd

  • SHA512

    406a47c83d3f85468269481a7ea683679285faec2d73267b06e9d21e964b2eab1293aea4bccdc8a5406b5fbcb3fd617d20a492c6f75aeb9b79c9c68a6506f7bd

  • SSDEEP

    49152:r3kBT5VnpFeCdjtNaUC8s5w+++9p+v/cAQGiP42veuXNidDkuusNGnXpYv63:ET5Br9CTw5w4/l7SveuXshHusoX+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe" /to "C:\Program Files\AutoHotkey"
      2⤵
      • Drops file in Program Files directory
      • Modifies registry class
      • Modifies system certificate store
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe
        "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe" /restart /script "*#1"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe
          "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.10_setup.exe" /to "C:\Users\Admin\AppData\Local\Programs\AutoHotkey" /user
          4⤵
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2044
          • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
            "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\reset-assoc.ahk" /check
            5⤵
            • Executes dropped EXE
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:3680
  • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
    "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4488
    • C:\Windows\hh.exe
      hh.exe "ms-its:C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey.chm::docs/Program.htm"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1140
    • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
      "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" /script WindowSpy.ahk
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.10_setup.exe\AutoHotkey32.exe

          Filesize

          956KB

          MD5

          e2bc50c3ae1ef4c82e72e5adb3bc8da2

          SHA1

          b21a7250fba3f033f9f412a8272ee4d7e313862d

          SHA256

          5909ab34354db1da3a6bd53febd59270e1866221c835c7abaae4885f39421278

          SHA512

          e730a3ad558e3888c46dc45a34d15727ee9b2cfde4dfbad04a2c281aec01dfec07c68daa0fe314260c2a4fba546b82f43c39c06d74baff5e41d20fcf47de6861

        • C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk

          Filesize

          93B

          MD5

          cdc8756680c459bd511d2bd2895fe2b2

          SHA1

          a7ea57fd628cfe2f664f2647510c6a412c520dfb

          SHA256

          7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

          SHA512

          101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

        • C:\Program Files\AutoHotkey\UX\WindowSpy.ahk

          Filesize

          7KB

          MD5

          df8e9aeada93eb205cb9051ab3379e8d

          SHA1

          b5be87c37b052366d05aa757c0806fc9bfc05671

          SHA256

          6b7717b030b7dd107af72a04cf550f35654f32342934230705b81ca92ede8c74

          SHA512

          c82608ea54b68a7124f0d14daf1962fa23b4e016ca596f268bbd97e15ef5795fe321922d88d54ec4237fc75606dc19f7761b68b2b5c02287459de24d7825f82c

        • C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk

          Filesize

          352B

          MD5

          e8d9a7e78d6a2a40bfb532b4812bde59

          SHA1

          5674b63092a69c419a42bab9e7462bde3bdb3cad

          SHA256

          a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

          SHA512

          dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

        • C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk

          Filesize

          1KB

          MD5

          2ffbde65b63790c5aa12996e9ef9068c

          SHA1

          a793986e4e72d5b5a866e927855eacc3a0399a7a

          SHA256

          40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

          SHA512

          315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

        • C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk

          Filesize

          8KB

          MD5

          8b9234917023ea4c63ba31d9406ad360

          SHA1

          6da852d002772e920fb81d4226ea1ee74f260ab9

          SHA256

          78248c4b842b8efb0db259c7ad6a26cb04483822b399f24b612dc48fe0f0e8a3

          SHA512

          7dd0d08aaa881c455ce1b8d246cc550e2623e5fc90935e22ccfcf8fc8a001ce0bc2ef8be37c1be056d8713b7f4d94851a9d1910ce11c3ea99c92bd78c55cf139

        • C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

          Filesize

          844B

          MD5

          1a8ab9bb38fd0da51d03dc48e3a0b2ea

          SHA1

          5c74ddd45c91a39b921139881c76c48c97e35825

          SHA256

          48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

          SHA512

          1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

        • C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk

          Filesize

          2KB

          MD5

          727ae6f2ec77a5b56774df9da14636d2

          SHA1

          8216a2122c825127ca59b05b0bae0d57e92f1110

          SHA256

          84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

          SHA512

          f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

        • C:\Program Files\AutoHotkey\UX\inc\README.txt

          Filesize

          182B

          MD5

          4b095aae00456aa248024a184671e4d5

          SHA1

          84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

          SHA256

          d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

          SHA512

          77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

        • C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk

          Filesize

          420B

          MD5

          9e53fca8c7f6a9ee179f0fc0a7890ea3

          SHA1

          dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

          SHA256

          ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

          SHA512

          cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

        • C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk

          Filesize

          142B

          MD5

          165b8fc572f943e3665994f87f1772b7

          SHA1

          265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

          SHA256

          9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

          SHA512

          e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

        • C:\Program Files\AutoHotkey\UX\inc\common.ahk

          Filesize

          688B

          MD5

          dac79ad5a978f0497de70a005b6a6084

          SHA1

          db100ce15998772fe322679468f46b0f25239eb4

          SHA256

          dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

          SHA512

          9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

        • C:\Program Files\AutoHotkey\UX\inc\config.ahk

          Filesize

          429B

          MD5

          248b58535f55eb55d9baec04a384b5e6

          SHA1

          76d067318b67da9a3da71a232a887c8935c7068f

          SHA256

          4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

          SHA512

          0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

        • C:\Program Files\AutoHotkey\UX\inc\identify.ahk

          Filesize

          994B

          MD5

          c4f4b01aac51b0d52243a3c6b508273f

          SHA1

          5c82eb24a0b64e157c5ad93c704a392998f061c6

          SHA256

          e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

          SHA512

          7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

        • C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk

          Filesize

          3KB

          MD5

          59328caf3ffae0d1a11f286c1b143706

          SHA1

          b1aecf54767e5f42e58e2bfa42224dfc1b67f684

          SHA256

          7d0c30e7341fbf9b7a360549934a7968be8ac45b46a9c135a106f5045646ee72

          SHA512

          37972528e469fc9a67057977d3ecf307eb79e24ddab5fd6630ef07059427f51a58912d14e765b75416d3c09dd4b693f738f3466ec29d4fbea2752d55907f6418

        • C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk

          Filesize

          2KB

          MD5

          696750c1861231d07ff4548ad4360dc8

          SHA1

          eb4b90b17aadf7b1ccdc484840b5500494c4a787

          SHA256

          f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

          SHA512

          5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

        • C:\Program Files\AutoHotkey\UX\inc\spy.ico

          Filesize

          4KB

          MD5

          eeecd8af162d3f318496e0e60d6d8c57

          SHA1

          31a99c80e4f1033914ce9344e95b84571f76ad2d

          SHA256

          968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

          SHA512

          6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

        • C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk

          Filesize

          4KB

          MD5

          f4251e653dbbbdd8cf4640bd9855c207

          SHA1

          d08b6e5796150aa1436fd3da39bfc5fdbaaee297

          SHA256

          deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

          SHA512

          86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

        • C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk

          Filesize

          1KB

          MD5

          c90bed0679b789b74e4865ae6f2709a3

          SHA1

          b0dbee6a237ba93daec76a0553cd3254821d60a1

          SHA256

          c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

          SHA512

          f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

        • C:\Program Files\AutoHotkey\UX\install-version.ahk

          Filesize

          4KB

          MD5

          30b87fbfadc592c38be9d82edf597fa3

          SHA1

          1ff5d720858a38bdd2e21a5a492938c07b2811a5

          SHA256

          1e59921bcddb3c41651eb01605cdefcdee3c6adec5db6b7cafb7ab801ead5e1e

          SHA512

          79a407cad251f45d13c0505cdf7e27a281455e3eefe1f7fc5aedd658297351ac7dbbce21065a29ed9d86c6b908a175cd83201e0d60e972865e6258c2f8c145a7

        • C:\Program Files\AutoHotkey\UX\install.ahk

          Filesize

          38KB

          MD5

          3c6fc56456d2afde1a79783e867110bd

          SHA1

          003b0aff8294339adfa3b9b8ae85f042f0455d26

          SHA256

          123899120bf5bd56fc0a01fe394482fe6f2de00c1f0469c1dda4977b403b1a89

          SHA512

          1bacfd16e4893efa8f0aff24e273e94a520daf28945cf4e80e137b5546bb38794edee5c910ae9d01bff89aa4721d2dd3c26b6b9f29087ddc0a7842a10b8255dc

        • C:\Program Files\AutoHotkey\UX\launcher.ahk

          Filesize

          17KB

          MD5

          7cd61a83ca5bdc4ed6db31c6f9acb76e

          SHA1

          ac5a868862e48bdcaa64d88b9ce79f15383b9b98

          SHA256

          53220aef3079415dd55f9872a0fb0aaa38a8ea1b699592a88f7a7eef614cbe70

          SHA512

          8d8e65fef7b777a9e4588094b4ee3b4453a726a7da33123c0da06e085b2c78f30348a255466288a14d2959355a7b3707793d6095bd8e342ef71b7215de2e1fe0

        • C:\Program Files\AutoHotkey\UX\reload-v1.ahk

          Filesize

          556B

          MD5

          35f4753a58432446b99bf89a9e930bf5

          SHA1

          babc3341d9d95865a36ea9a20549a61146093006

          SHA256

          e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

          SHA512

          ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

        • C:\Program Files\AutoHotkey\UX\reset-assoc.ahk

          Filesize

          2KB

          MD5

          0299132478b49e3eb706c214bf32e62f

          SHA1

          9705c410b9f515269c512c64129ced8e0b1b23d2

          SHA256

          d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

          SHA512

          2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

        • C:\Program Files\AutoHotkey\UX\ui-dash.ahk

          Filesize

          6KB

          MD5

          669bd791c5aafb60ee0885ef064d3622

          SHA1

          acefb3c3997e2eadd32413814e71aaaad5a8b6d4

          SHA256

          e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

          SHA512

          eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

        • C:\Program Files\AutoHotkey\UX\ui-editor.ahk

          Filesize

          8KB

          MD5

          82eb574294ff4e2e7461b95f5bad0a87

          SHA1

          a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

          SHA256

          7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

          SHA512

          1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

        • C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk

          Filesize

          8KB

          MD5

          852bf007a6ddd80a2e5c9d82d874cf45

          SHA1

          6f293ec5b59645f795e4feb3f02c026b62ed428e

          SHA256

          c91e18a25069e7b501d2d0e1c8fc23b78cb962d93469cd0b2ea7e24cdf181dc1

          SHA512

          95f2e6bbeb9138125ab337d6ba047b824ffa527a5f2403c12bbc4ee4a4e73b516d963e09c81d453bcafb01bd396d991da8d36d8a91707e557ecc61c1ba9ea91d

        • C:\Program Files\AutoHotkey\UX\ui-newscript.ahk

          Filesize

          10KB

          MD5

          1b88198b4bd36eb25e23dc412321a555

          SHA1

          d3b5670d1bc7343ae40ad087bc22309dc17e118a

          SHA256

          31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

          SHA512

          409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

        • C:\Program Files\AutoHotkey\UX\ui-setup.ahk

          Filesize

          7KB

          MD5

          dd3f9c2f9115689f4350896752f15926

          SHA1

          fa19f1632b865b2bc098611a8be66e9f10dc692b

          SHA256

          68b114a2ea4af9df54709a78ec5991a1f271097b29cb93757403fdb158746bc7

          SHA512

          12f34d5ec7a7d5452eef97e4c87093240050756c564140874d316d0b9d194c961debe139badc943b024b680b68961ef6cbe71fc1a567c6622797f90ed51fa549

        • C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk

          Filesize

          2KB

          MD5

          0fe4932669e99a498a7bc76975919000

          SHA1

          e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

          SHA256

          1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

          SHA512

          dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

        • C:\Program Files\AutoHotkey\license.txt

          Filesize

          17KB

          MD5

          e3f2ad7733f3166fe770e4dc00af6c45

          SHA1

          3d436ffdd69f7187b85e0cf8f075bd6154123623

          SHA256

          b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

          SHA512

          ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

        • C:\Program Files\AutoHotkey\v2\AutoHotkey.chm

          Filesize

          1.9MB

          MD5

          8b8d3c33ef00182f333a872f5a73f172

          SHA1

          6217bd73f14c46600f78d15a5b248012652474ce

          SHA256

          64f7afc625b92613c8a681d2e18965cef9b3a3c521ccf2a2fbc3201f74dfec8e

          SHA512

          f6815f5f8642a9d71dc881174f9740eac37113d97d6b1a2c8cbc97c540fea277f362e0a018ea49d256e354c6720b0d793da11e471dae07ae1a3ba5da3f34a86f

        • C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe

          Filesize

          1.2MB

          MD5

          e92a3d6ca4bde49c6f0e1e343fdae44e

          SHA1

          02c27d2e076a19f54b133bb9c57b457b242d4116

          SHA256

          16109cec66cf252e5b851739bc9f7639a1802a0c3998b3829950e52911ca6599

          SHA512

          19df941ca771a23756936c0ee08fd5a9218784f2712c5735245aeacb532e46215654e4ddf83fbdd4b4d6a1aac3fb2a95119d883f4b3229cc7a4c690b197e24e7

        • C:\Program Files\AutoHotkey\v2\RCX4822.tmp

          Filesize

          956KB

          MD5

          f1ab8d5c265e2dc6db3acf22774bb0a6

          SHA1

          57e2a546d27073c0f47349504e82517b40771742

          SHA256

          c4ac5df3726ef447f58ae6dddc8257a4f405f76ba6d9775d6f9ba371b01e4367

          SHA512

          a5e83466697f0f9a4b982b455e44a8630f5b031e6002c9545339e0e8237630ef69b1859225fd0be99bf71af75f36368d7c98f954a02765de9c95121b10069fef

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

          Filesize

          1.2MB

          MD5

          e92a3d6ca4bde49c6f0e1e343fdae44e

          SHA1

          02c27d2e076a19f54b133bb9c57b457b242d4116

          SHA256

          16109cec66cf252e5b851739bc9f7639a1802a0c3998b3829950e52911ca6599

          SHA512

          19df941ca771a23756936c0ee08fd5a9218784f2712c5735245aeacb532e46215654e4ddf83fbdd4b4d6a1aac3fb2a95119d883f4b3229cc7a4c690b197e24e7

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

          Filesize

          1.2MB

          MD5

          e92a3d6ca4bde49c6f0e1e343fdae44e

          SHA1

          02c27d2e076a19f54b133bb9c57b457b242d4116

          SHA256

          16109cec66cf252e5b851739bc9f7639a1802a0c3998b3829950e52911ca6599

          SHA512

          19df941ca771a23756936c0ee08fd5a9218784f2712c5735245aeacb532e46215654e4ddf83fbdd4b4d6a1aac3fb2a95119d883f4b3229cc7a4c690b197e24e7

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

          Filesize

          1.2MB

          MD5

          e92a3d6ca4bde49c6f0e1e343fdae44e

          SHA1

          02c27d2e076a19f54b133bb9c57b457b242d4116

          SHA256

          16109cec66cf252e5b851739bc9f7639a1802a0c3998b3829950e52911ca6599

          SHA512

          19df941ca771a23756936c0ee08fd5a9218784f2712c5735245aeacb532e46215654e4ddf83fbdd4b4d6a1aac3fb2a95119d883f4b3229cc7a4c690b197e24e7

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe

          Filesize

          1.2MB

          MD5

          e92a3d6ca4bde49c6f0e1e343fdae44e

          SHA1

          02c27d2e076a19f54b133bb9c57b457b242d4116

          SHA256

          16109cec66cf252e5b851739bc9f7639a1802a0c3998b3829950e52911ca6599

          SHA512

          19df941ca771a23756936c0ee08fd5a9218784f2712c5735245aeacb532e46215654e4ddf83fbdd4b4d6a1aac3fb2a95119d883f4b3229cc7a4c690b197e24e7

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\WindowSpy.ahk

          Filesize

          7KB

          MD5

          df8e9aeada93eb205cb9051ab3379e8d

          SHA1

          b5be87c37b052366d05aa757c0806fc9bfc05671

          SHA256

          6b7717b030b7dd107af72a04cf550f35654f32342934230705b81ca92ede8c74

          SHA512

          c82608ea54b68a7124f0d14daf1962fa23b4e016ca596f268bbd97e15ef5795fe321922d88d54ec4237fc75606dc19f7761b68b2b5c02287459de24d7825f82c

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\CommandLineToArgs.ahk

          Filesize

          352B

          MD5

          e8d9a7e78d6a2a40bfb532b4812bde59

          SHA1

          5674b63092a69c419a42bab9e7462bde3bdb3cad

          SHA256

          a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

          SHA512

          dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\bounce-v1.ahk

          Filesize

          142B

          MD5

          165b8fc572f943e3665994f87f1772b7

          SHA1

          265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

          SHA256

          9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

          SHA512

          e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\common.ahk

          Filesize

          688B

          MD5

          dac79ad5a978f0497de70a005b6a6084

          SHA1

          db100ce15998772fe322679468f46b0f25239eb4

          SHA256

          dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

          SHA512

          9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\config.ahk

          Filesize

          429B

          MD5

          248b58535f55eb55d9baec04a384b5e6

          SHA1

          76d067318b67da9a3da71a232a887c8935c7068f

          SHA256

          4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

          SHA512

          0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\identify.ahk

          Filesize

          994B

          MD5

          c4f4b01aac51b0d52243a3c6b508273f

          SHA1

          5c82eb24a0b64e157c5ad93c704a392998f061c6

          SHA256

          e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

          SHA512

          7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\identify_regex.ahk

          Filesize

          3KB

          MD5

          59328caf3ffae0d1a11f286c1b143706

          SHA1

          b1aecf54767e5f42e58e2bfa42224dfc1b67f684

          SHA256

          7d0c30e7341fbf9b7a360549934a7968be8ac45b46a9c135a106f5045646ee72

          SHA512

          37972528e469fc9a67057977d3ecf307eb79e24ddab5fd6630ef07059427f51a58912d14e765b75416d3c09dd4b693f738f3466ec29d4fbea2752d55907f6418

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\launcher-common.ahk

          Filesize

          2KB

          MD5

          696750c1861231d07ff4548ad4360dc8

          SHA1

          eb4b90b17aadf7b1ccdc484840b5500494c4a787

          SHA256

          f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

          SHA512

          5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\spy.ico

          Filesize

          4KB

          MD5

          eeecd8af162d3f318496e0e60d6d8c57

          SHA1

          31a99c80e4f1033914ce9344e95b84571f76ad2d

          SHA256

          968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

          SHA512

          6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\inc\ui-base.ahk

          Filesize

          4KB

          MD5

          f4251e653dbbbdd8cf4640bd9855c207

          SHA1

          d08b6e5796150aa1436fd3da39bfc5fdbaaee297

          SHA256

          deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

          SHA512

          86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\launcher.ahk

          Filesize

          17KB

          MD5

          7cd61a83ca5bdc4ed6db31c6f9acb76e

          SHA1

          ac5a868862e48bdcaa64d88b9ce79f15383b9b98

          SHA256

          53220aef3079415dd55f9872a0fb0aaa38a8ea1b699592a88f7a7eef614cbe70

          SHA512

          8d8e65fef7b777a9e4588094b4ee3b4453a726a7da33123c0da06e085b2c78f30348a255466288a14d2959355a7b3707793d6095bd8e342ef71b7215de2e1fe0

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\reset-assoc.ahk

          Filesize

          2KB

          MD5

          0299132478b49e3eb706c214bf32e62f

          SHA1

          9705c410b9f515269c512c64129ced8e0b1b23d2

          SHA256

          d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

          SHA512

          2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-dash.ahk

          Filesize

          6KB

          MD5

          669bd791c5aafb60ee0885ef064d3622

          SHA1

          acefb3c3997e2eadd32413814e71aaaad5a8b6d4

          SHA256

          e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

          SHA512

          eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-editor.ahk

          Filesize

          8KB

          MD5

          82eb574294ff4e2e7461b95f5bad0a87

          SHA1

          a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

          SHA256

          7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

          SHA512

          1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-launcherconfig.ahk

          Filesize

          8KB

          MD5

          852bf007a6ddd80a2e5c9d82d874cf45

          SHA1

          6f293ec5b59645f795e4feb3f02c026b62ed428e

          SHA256

          c91e18a25069e7b501d2d0e1c8fc23b78cb962d93469cd0b2ea7e24cdf181dc1

          SHA512

          95f2e6bbeb9138125ab337d6ba047b824ffa527a5f2403c12bbc4ee4a4e73b516d963e09c81d453bcafb01bd396d991da8d36d8a91707e557ecc61c1ba9ea91d

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\ui-newscript.ahk

          Filesize

          10KB

          MD5

          1b88198b4bd36eb25e23dc412321a555

          SHA1

          d3b5670d1bc7343ae40ad087bc22309dc17e118a

          SHA256

          31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

          SHA512

          409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\WindowSpy.ahk

          Filesize

          159B

          MD5

          e5918a52b52ca3ce2e99788a26477984

          SHA1

          87c2b54b65663e1e29e866224faeed7e8bac759b

          SHA256

          c1908cfc4b224b3bc8d1a5c67cfe4acdb4e738d8acf98560905afc412981c18b

          SHA512

          4f320cbea5adfed4b07012e04281e8713689271932b26d3886e3519389b15e2adadb87217c5bf09b080d3db976c77accf555493b7eab5ceb45bc59131772f8e6

        • C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v2\AutoHotkey.chm

          Filesize

          1.9MB

          MD5

          8b8d3c33ef00182f333a872f5a73f172

          SHA1

          6217bd73f14c46600f78d15a5b248012652474ce

          SHA256

          64f7afc625b92613c8a681d2e18965cef9b3a3c521ccf2a2fbc3201f74dfec8e

          SHA512

          f6815f5f8642a9d71dc881174f9740eac37113d97d6b1a2c8cbc97c540fea277f362e0a018ea49d256e354c6720b0d793da11e471dae07ae1a3ba5da3f34a86f

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

          Filesize

          1KB

          MD5

          f2573917b4e4567f3d6fd63c1d0fe918

          SHA1

          86f51bac11aadd5952bc6ad98ac52369f4af717f

          SHA256

          7c589a3bf3f9da7d1099ef55b2c1bbd63860203cd01e2d4a7deaee494bb47509

          SHA512

          c49b446ff87942647e31efdeea63cfe85b1f2700d4968f122172f38fa2be196207a80d039fd8f28f5c6a1d6f7658c172537ca56bfe2b956883c7d85cbe02d4d8

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

          Filesize

          2KB

          MD5

          7a1ab3e7208a9fca00a06955f8d6bf1d

          SHA1

          b1d6e69970d433b124dd8d98ae14092b0a157e41

          SHA256

          d7fc2c0d0d35028603df0429bbc7ce5b5e30f07f7076b96e47d715c5e48bd39b

          SHA512

          b2438472575ac346bf9e5625957a9d5f2f71289b661a9a8e58b1ac6a89698e3f2505723797298a12ace1c1339dff7d10138e7558f510f397b0c4423c1b395027

        • memory/1164-5-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/1164-0-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/1164-1-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/1720-262-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/1720-226-0x0000000004AC0000-0x0000000004BC0000-memory.dmp

          Filesize

          1024KB

        • memory/1720-213-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/1720-212-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/2044-345-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/2044-612-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/2044-563-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/2044-344-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB

        • memory/2436-263-0x0000000000400000-0x000000000093D000-memory.dmp

          Filesize

          5.2MB