510a833bdd0f896cc398eaae4ff475f5b7cfe37649efbf647b50d21e442394b9

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_2.0.11_setup.exe
Size

2.9MB
MD5

7e178522e49fb3c45d441d176ee9fe01
SHA1

2a3e882103232c1355e2a6a8f1d9bc7cc23134cd
SHA256

510a833bdd0f896cc398eaae4ff475f5b7cfe37649efbf647b50d21e442394b9
SHA512

0606b1fa92f93315aa19e4c4a331ff64312953c051760bf1b56e43100aa0ad3fc5329c70a07fd3d15bce6ca7673a356feec0e97418b18b35cd2a3877a1561097
SSDEEP

49152:XPN5fLCz5lmru2QacbgOaUwX9Uc8mQU9LZ4rXdmJ4hZhV57LfgR2GVZbH:XPN5T2zmru2QacsOuX9iOl4rXdmJ4Hh8

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3244-0-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-1-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-2-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-3-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-5-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-9-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3712-10-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3244-11-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3712-207-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3712-273-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3712-278-0x0000000000400000-0x0000000000943000-memory.dmp	upx
behavioral1/memory/3712-314-0x0000000000400000-0x0000000000943000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\AHK\v2\RCX17D6.tmp	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\spy.ico	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\reload-v1.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\spy.ico	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\license.txt	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\ui-uninstall.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\v2\AutoHotkey.chm	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\WindowSpy.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\identify_regex.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\ShellRun.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\install.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\identify.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-newscript.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-setup.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\identify.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.11_setup.exe
File opened for modification	C:\Program Files\AHK\v2\AutoHotkey32.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\install.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\license.txt	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\HashFile.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-editor.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\HashFile.ahk	AutoHotkey_2.0.11_setup.exe
File opened for modification	C:\Program Files\AHK\v2\RCXB080.tmp	AutoHotkey_2.0.11_setup.exe
File opened for modification	C:\Program Files\New folder	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\ui-dash.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.11_setup.exe
File opened for modification	C:\Program Files\AHK\v2\RCX9A57.tmp	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-uninstall.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\config.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\AutoHotkey64.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\common.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\README.txt	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\v2\AutoHotkey64.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\README.txt	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\ui-base.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\WindowSpy.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\launcher-common.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\reset-assoc.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\ui-dash.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\install-ahk2exe.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\launcher.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\common.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\UX\inc\launcher-common.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\AutoHotkey32.exe	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\install-ahk2exe.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\AutoHotkey.chm	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\Install.cmd	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\launcher.ahk	AutoHotkey_2.0.11_setup.exe
File created	C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\UX\inc\ui-base.ahk	AutoHotkey_2.0.11_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\ShellNew	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\FriendlyAppName = "AutoHotkey Launcher"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 19002f433a5c000000000000000000000000000000000000000000	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 0c0001008421de39050000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\ = "Open runas UIAccess Edit"	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\PersistentHandler	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.11_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	AutoHotkey_2.0.11_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5"	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	AutoHotkey_2.0.11_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.11_setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\69B118805F591044AC2BDB8DB380A72C04ABE493	AutoHotkey_2.0.11_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\69B118805F591044AC2BDB8DB380A72C04ABE493\Blob = 03000000010000001400000069b118805f591044ac2bdb8db380a72c04abe4930200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000b1010000308201ad30820116a0030201020210179965a59b0d9eb843bf74bbcb59a080300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b6579301e170d3234303231383139303333345a170d3334303231383139303333345a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100d2ad5a89a89ef2890f1d7490975d8a52a7b54003042526ef0b6634d5ce2daea60547ad5032c061e306c329a49186c316e0f610883eabe00fba85352773066e51efdbc0e201f1b230db85b608294e0910171ea86ac3e1702023e4bb88d624408264da821ca39a47071dc93293d895aad42e1d7a98bfd6d10dd807e1828573db890203010001300d06092a864886f70d0101050500038181006f8c9eafa45e00ae61a4526bd2b3c0f8b3a5f33bf3e6b409025729565512a6ccabe06d271032140fc100b13abe608eff43c49aa144467b0e5976e2c2fcf62572b49f49e9f6ca498badc67b809130a0af65f432f98f2091967a8f126a959028d0b239666d2f0e29266fbcbba490af8cfc379ff15135306041d35571c6739b138d	AutoHotkey_2.0.11_setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3864	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3244	AutoHotkey_2.0.11_setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3864	explorer.exe
Token: SeCreatePagefilePrivilege	3864	explorer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3864	explorer.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3244	AutoHotkey_2.0.11_setup.exe
3244	AutoHotkey_2.0.11_setup.exe
3244	AutoHotkey_2.0.11_setup.exe
3244	AutoHotkey_2.0.11_setup.exe
3244	AutoHotkey_2.0.11_setup.exe
3244	AutoHotkey_2.0.11_setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 3712	3244	AutoHotkey_2.0.11_setup.exe	94
PID 3244 wrote to memory of 3712	3244	AutoHotkey_2.0.11_setup.exe	94
PID 3244 wrote to memory of 3712	3244	AutoHotkey_2.0.11_setup.exe	94
PID 4592 wrote to memory of 3540	4592	msedge.exe	109
PID 4592 wrote to memory of 3540	4592	msedge.exe	109
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1832	4592	msedge.exe	110
PID 4592 wrote to memory of 1748	4592	msedge.exe	111
PID 4592 wrote to memory of 1748	4592	msedge.exe	111
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112
PID 4592 wrote to memory of 2440	4592	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.11_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.11_setup.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.11_setup.exe
  "C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.11_setup.exe" /to "C:\Program Files\AHK"
  2⤵
  - Drops file in Program Files directory
  - Modifies registry class
  - Modifies system certificate store
  PID:3712

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc5a41862hb16bh4732h849fh3d95ed4a911a
1⤵
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffb640f46f8,0x7ffb640f4708,0x7ffb640f4718
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6424618203325712428,17921178971742671064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6424618203325712428,17921178971742671064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6424618203325712428,17921178971742671064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4180

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AHK\.staging\AutoHotkey_2.0.11_setup.exe\AutoHotkey32.exe

Filesize
957KB

MD5
a589136d401a487daf687a03575a1dba

SHA1
f0dba5398c8d6a4faa17a770a98818f38f390924

SHA256
bfde2b58f0a083d9d10e31cd95164d2812575b897e2eb04c6528f30fb2eabdf0

SHA512
66f3f7d25993bee840d2d7ea3a0c322274b3aadf45dc2c90dea2b8d5fcedd57267c7e0e19f0cb08716c00645856a11a52e64e0bda26b057259af8f21859e1ef4

Download Submit
C:\Program Files\AHK\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Program Files\AHK\UX\WindowSpy.ahk

Filesize
7KB

MD5
e2067d978526b83a1da967f16a69c125

SHA1
08000fb66e6f1b1fcd450f32e1757a39b3a7ba16

SHA256
040404a4def02f17cdafda938f5b63fc2181940ba1290da5742db0862c07166e

SHA512
a453669b15c18f24a989a57441f961861578c09c145a4364c982410e5e05ab09b05ad4a77929ccf4ab9e00e5e3d73029a13660156bf4eef9011accfd59800ea0

Download Submit
C:\Program Files\AHK\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Program Files\AHK\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Program Files\AHK\UX\inc\EnableUIAccess.ahk

Filesize
8KB

MD5
8b9234917023ea4c63ba31d9406ad360

SHA1
6da852d002772e920fb81d4226ea1ee74f260ab9

SHA256
78248c4b842b8efb0db259c7ad6a26cb04483822b399f24b612dc48fe0f0e8a3

SHA512
7dd0d08aaa881c455ce1b8d246cc550e2623e5fc90935e22ccfcf8fc8a001ce0bc2ef8be37c1be056d8713b7f4d94851a9d1910ce11c3ea99c92bd78c55cf139

Download Submit
C:\Program Files\AHK\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Program Files\AHK\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Program Files\AHK\UX\inc\README.txt

Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Program Files\AHK\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Program Files\AHK\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Program Files\AHK\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Program Files\AHK\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Program Files\AHK\UX\inc\identify.ahk

Filesize
994B

MD5
c4f4b01aac51b0d52243a3c6b508273f

SHA1
5c82eb24a0b64e157c5ad93c704a392998f061c6

SHA256
e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

SHA512
7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

Download Submit
C:\Program Files\AHK\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
dc8c38536588cb489d822474fa6fc5bf

SHA1
30d1d5b26e0cb6ff74aa4725fcdb38410ecbc6ac

SHA256
f423fa3493d4aec9f7402809099d32b3c7a3651c6d2f672cf5067ce455913b35

SHA512
e3b9f52b63aba3a83153ff8c4bbea93d198c4c58406b6de2109f12d11cd3158d7752210ceaa32fa4a1da950bbf476259541cca4acd99751a7d3fffbc7d7b9362

Download Submit
C:\Program Files\AHK\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
696750c1861231d07ff4548ad4360dc8

SHA1
eb4b90b17aadf7b1ccdc484840b5500494c4a787

SHA256
f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

SHA512
5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

Download Submit
C:\Program Files\AHK\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Program Files\AHK\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Program Files\AHK\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Program Files\AHK\UX\install-version.ahk

Filesize
4KB

MD5
30b87fbfadc592c38be9d82edf597fa3

SHA1
1ff5d720858a38bdd2e21a5a492938c07b2811a5

SHA256
1e59921bcddb3c41651eb01605cdefcdee3c6adec5db6b7cafb7ab801ead5e1e

SHA512
79a407cad251f45d13c0505cdf7e27a281455e3eefe1f7fc5aedd658297351ac7dbbce21065a29ed9d86c6b908a175cd83201e0d60e972865e6258c2f8c145a7

Download Submit
C:\Program Files\AHK\UX\install.ahk

Filesize
38KB

MD5
3c6fc56456d2afde1a79783e867110bd

SHA1
003b0aff8294339adfa3b9b8ae85f042f0455d26

SHA256
123899120bf5bd56fc0a01fe394482fe6f2de00c1f0469c1dda4977b403b1a89

SHA512
1bacfd16e4893efa8f0aff24e273e94a520daf28945cf4e80e137b5546bb38794edee5c910ae9d01bff89aa4721d2dd3c26b6b9f29087ddc0a7842a10b8255dc

Download Submit
C:\Program Files\AHK\UX\launcher.ahk

Filesize
17KB

MD5
7cd61a83ca5bdc4ed6db31c6f9acb76e

SHA1
ac5a868862e48bdcaa64d88b9ce79f15383b9b98

SHA256
53220aef3079415dd55f9872a0fb0aaa38a8ea1b699592a88f7a7eef614cbe70

SHA512
8d8e65fef7b777a9e4588094b4ee3b4453a726a7da33123c0da06e085b2c78f30348a255466288a14d2959355a7b3707793d6095bd8e342ef71b7215de2e1fe0

Download Submit
C:\Program Files\AHK\UX\reload-v1.ahk

Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Program Files\AHK\UX\reset-assoc.ahk

Filesize
2KB

MD5
0299132478b49e3eb706c214bf32e62f

SHA1
9705c410b9f515269c512c64129ced8e0b1b23d2

SHA256
d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

SHA512
2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

Download Submit
C:\Program Files\AHK\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Program Files\AHK\UX\ui-editor.ahk

Filesize
8KB

MD5
82eb574294ff4e2e7461b95f5bad0a87

SHA1
a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

SHA256
7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

SHA512
1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

Download Submit
C:\Program Files\AHK\UX\ui-launcherconfig.ahk

Filesize
8KB

MD5
852bf007a6ddd80a2e5c9d82d874cf45

SHA1
6f293ec5b59645f795e4feb3f02c026b62ed428e

SHA256
c91e18a25069e7b501d2d0e1c8fc23b78cb962d93469cd0b2ea7e24cdf181dc1

SHA512
95f2e6bbeb9138125ab337d6ba047b824ffa527a5f2403c12bbc4ee4a4e73b516d963e09c81d453bcafb01bd396d991da8d36d8a91707e557ecc61c1ba9ea91d

Download Submit
C:\Program Files\AHK\UX\ui-newscript.ahk

Filesize
10KB

MD5
1b88198b4bd36eb25e23dc412321a555

SHA1
d3b5670d1bc7343ae40ad087bc22309dc17e118a

SHA256
31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

SHA512
409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

Download Submit
C:\Program Files\AHK\UX\ui-setup.ahk

Filesize
7KB

MD5
dd3f9c2f9115689f4350896752f15926

SHA1
fa19f1632b865b2bc098611a8be66e9f10dc692b

SHA256
68b114a2ea4af9df54709a78ec5991a1f271097b29cb93757403fdb158746bc7

SHA512
12f34d5ec7a7d5452eef97e4c87093240050756c564140874d316d0b9d194c961debe139badc943b024b680b68961ef6cbe71fc1a567c6622797f90ed51fa549

Download Submit
C:\Program Files\AHK\UX\ui-uninstall.ahk

Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Program Files\AHK\license.txt

Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Program Files\AHK\v2\AutoHotkey.chm

Filesize
1.9MB

MD5
7440945a51afa9fb5242581dd71854a9

SHA1
7179fd13e4880add844d23e394f618b1d5e4aba1

SHA256
4b178b6659aa29bd15cba9ccf99e971fff3adb895ac7547092507d55b8d394bb

SHA512
c02e9e9ef37f1a1fb48c0d6b9fc1fd37bc15f2d9b4676a5559e95d118544bf80bbacfbe07622c1e0ca82c66620f73435d47eadd3edbed56b3fbdf55edad973bf

Download Submit
C:\Program Files\AHK\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
6b3d7778f5055e58b9a2a9973bda470b

SHA1
26d7fa49de9892978985da92c51bb03c821bc6b7

SHA256
f325aa17f9d8b3580b6a89ef8ee18dcf95961a3d28e0d79b7478f9800eba237c

SHA512
b90c274d3ae7b6825962940cdf3bc4c2c0f4e46ed41336e6e65938205d2e550dcb15f801a948e1b4a29bbf48169b4517cad0b451df2384650611c56681ea42ad

Download Submit
C:\Program Files\AHK\v2\RCX17D6.tmp

Filesize
957KB

MD5
e7d457e3ae3c5ea48ba9691016f7fc02

SHA1
d46e1c68f56c126ecfed8a9b54143c1d42e454db

SHA256
8c2367315b9035f61ff0a2ea625c2cdb5f0590ebca2823f40c757819dd0b413a

SHA512
8d0f0cbd1e5d1cc58ec2b1efdfa1b56e743dd5bae2a893c97719c5052f1a2ca6b11f2027ec2ccd1c9eaaa1a6d176ff198d6f795a36d1e8ec998255c5a49a17d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8de7d4f95c2749c7f18d6e5b643d8f6

SHA1
b3ede72f0de2244cf4aff056ab97fabe2f9abf13

SHA256
429d86831d355a8c961714b5f6d0180c66236842bed5a26a515b947fc3698a8b

SHA512
26bc41f76f6fd8e71ed2b40c6d9bb487fd460bbd13a2b51a00573025644c430a3059e6b25b566e46438096f6727b891cab5e2e8683aff677dc5c6a9a855c40f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
e3c1af53fce192cba050c65a4d9a35c7

SHA1
f1533b5ecfe6c2a964aed3635403d83a855529fa

SHA256
c8718a604ea7c3e473d27afb36bc236c121510858639eef4c965d01fa47e59aa

SHA512
ebb5b9c931dd116075af3c27a10a29ce849c103162f802c104afc356bd0f8250623fce2f533d4f97307915cf1413babf1accc350979ac9f6a893062ff2dd7b8e

Download Submit
memory/3244-0-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-9-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-5-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-1-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-2-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-3-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3244-11-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3712-207-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3712-10-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3712-273-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3712-277-0x0000000004AD0000-0x0000000004BD0000-memory.dmp

Filesize
1024KB

Download
memory/3712-278-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download
memory/3712-314-0x0000000000400000-0x0000000000943000-memory.dmp

Filesize
5.3MB

Download