b07325c28fc9f6216b7183948976b29b6e00529356268dca48cf27049f4515cb

Resubmissions

11-04-2024 15:37

240411-s2hd3shg2w 7

11-04-2024 15:36

240411-s2c5cshg2s 3

Analysis

max time kernel
219s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release.rar.7z
Size

1KB
MD5

84d209ee83cf324e4c7d9a28288fbd85
SHA1

2307e4d5f3cc6420587b491059415418c4e424d9
SHA256

b07325c28fc9f6216b7183948976b29b6e00529356268dca48cf27049f4515cb
SHA512

8f65d02be3fc7a9ac48dc0dd9192aa9a57244ca6a0a0768329dfd90ed27a1a15917d89462d6d9a1ee11fac42b38487b6e5dd3dcc562103cabf4e92e5f0fd2f91

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 12 IoCs

pid	Process
1960	AutoHotkey_2.0.12_setup.exe
3084	AutoHotkey_2.0.12_setup.exe
5900	AutoHotkey_2.0.12_setup.exe
6084	AutoHotkey_2.0.12_setup.exe
1752	AutoHotkeyUX.exe
5884	AutoHotkeyUX.exe
760	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
4600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5580	AutoHotkeyUX.exe
4628	AutoHotkeyU64.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000600000001daaf-154.dat	upx
behavioral2/memory/1960-187-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/3084-204-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/1960-207-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/3084-396-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/3084-441-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/5900-454-0x0000000000400000-0x0000000000944000-memory.dmp	upx
behavioral2/memory/6084-800-0x0000000000400000-0x0000000000944000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-editor.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\common.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\license.txt	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico	AutoHotkey_2.0.12_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-version.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.12_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCX92C0.tmp	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-dash.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-setup.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\README.txt	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reload-v1.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\config.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\launcher.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install.ahk	AutoHotkey_2.0.12_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.12_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
5400	timeout.exe
6080	timeout.exe
3288	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573235064296342"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\ = "Open runas UIAccess Edit"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /Launch \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.ahk\ShellNew\Command = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\ui-newscript.ahk\" \"%1\""	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\DefaultIcon	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe,1"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\RunAs\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open\Command	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.ahk	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.ahk\ShellNew	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.ahk\PersistentHandler	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\PersistentHandler	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Compile	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Launch\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\UX\\launcher.ahk\" /Launch \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Compile-Gui\Command	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\ = "Run script"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-editor.ahk\" \"%1\""	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.ahk\PersistentHandler\ = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ShellNew\Command = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-newscript.ahk\" \"%1\""	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{07926270-C3CF-4929-9AFC-25F12BB5C381}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /runwith UIA \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\ = "Run with UI access"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\DefaultIcon\ = "C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe,1"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.12_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\AutoHotkeyScript\Shell\Compile\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\AutoHotkey\\Compiler\\Ahk2Exe.exe\" /in \"%l\" %*"	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk	AutoHotkey_2.0.12_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript	AutoHotkey_2.0.12_setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\9AAE7204551230ECE15523BC935F7DE54D3C0AAC	AutoHotkey_2.0.12_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\9AAE7204551230ECE15523BC935F7DE54D3C0AAC\Blob = 0300000001000000140000009aae7204551230ece15523bc935f7de54d3c0aac0200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000e1010000308201dd30820146a00302010202106cfa601b9dc85f9e48a2396e4bb21fcb300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b65793020170d3234303431313135333930335a180f39393939303130313132303030305a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100bf1380af9cd6c1874a70c02a97e844288cbe48ed8a371e392a297ca4495c38b7cc079eec3cfdc9cd32d1c3d5587331b5aff839c8d6b42b11bf1d4bf802b2886bb0a1ceb093dd0fbafce8ce609bf5745383a924fa77a8e7c970f26e72550bf86835516bde0d0b96fe3a51b9560058bd3751738c3402d5bdff7a6bbf81d73c12890203010001a32c302a30100603551d040101ff040630040302049030160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d010105050003818100b5842fed9833535351896dd96ced8bad8c1dd42c5a9729adf94f4155dd984b45832b833846c628fa08e72adea86b481658920e6a6d4911179fe574eda9098c1cb600ec678943e6f9b39a4261a994868e7648ad7288e1aadcd771a7a2c8cfa5afa1d04c35c3595a96b0c8195b90c272760ef8e7ae9f46b63e43688d23a166a288	AutoHotkey_2.0.12_setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
784	chrome.exe
784	chrome.exe
5580	AutoHotkeyUX.exe
5580	AutoHotkeyUX.exe
2164	chrome.exe
2164	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5884	AutoHotkeyUX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2676	7zFM.exe
Token: 35	2676	7zFM.exe
Token: SeRestorePrivilege	4448	7zG.exe
Token: 35	4448	7zG.exe
Token: SeSecurityPrivilege	4448	7zG.exe
Token: SeSecurityPrivilege	4448	7zG.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe
Token: SeShutdownPrivilege	784	chrome.exe
Token: SeCreatePagefilePrivilege	784	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2676	7zFM.exe
4448	7zG.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
1752	AutoHotkeyUX.exe
1752	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
4628	AutoHotkeyU64.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
1752	AutoHotkeyUX.exe
1752	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5984	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
5600	AutoHotkeyUX.exe
4628	AutoHotkeyU64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 2676	4152	cmd.exe	93
PID 4152 wrote to memory of 2676	4152	cmd.exe	93
PID 784 wrote to memory of 4652	784	chrome.exe	114
PID 784 wrote to memory of 4652	784	chrome.exe	114
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4304	784	chrome.exe	115
PID 784 wrote to memory of 4392	784	chrome.exe	116
PID 784 wrote to memory of 4392	784	chrome.exe	116
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117
PID 784 wrote to memory of 4176	784	chrome.exe	117

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Release.rar.7z
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release.rar.7z"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5840

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Release.rar\" -spe -an -ai#7zMap7470:78:7zEvent30760
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:2776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd823f9758,0x7ffd823f9768,0x7ffd823f9778
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:2
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3296 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4756 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5060
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff604417688,0x7ff604417698,0x7ff6044176a8
    3⤵
    PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4696 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5340 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4820 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe"
  2⤵
  - Executes dropped EXE
  PID:1960
- - C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe
    "C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Modifies system certificate store
    PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5672 --field-trial-handle=1944,i,16155432379912383953,9137729307252587085,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3192

C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe"
1⤵
- Executes dropped EXE
PID:5900
- C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_2.0.12_setup.exe" /to "C:\Users\Admin\AppData\Local\Programs\AutoHotkey" /user
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:6084
- - C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
    "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\reset-assoc.ahk" /check
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1752

C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:5884

C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\launcher.ahk" "C:\Users\Admin\Desktop\Release.rar\Release.ahk"
1⤵
- Executes dropped EXE
PID:760
- C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" /script "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\install-version.ahk" "1.1.37.02"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5984

C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\launcher.ahk" "C:\Users\Admin\Desktop\Release.rar\Release.ahk"
1⤵
- Executes dropped EXE
PID:4600
- C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" /script "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\install-version.ahk" "1.1.37.02"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5600

C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\launcher.ahk" "C:\Users\Admin\Desktop\Release.rar\Release.ahk"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5580
- C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkeyU64.exe
  "C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkeyU64.exe" "C:\Users\Admin\Desktop\Release.rar\Release.ahk"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4628
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /k echo SXNES TB LOADED && timeout /t 2 /nobreak && echo Choose your toggle key && timeout /t 2 /nobreak && echo Toggle key = " " [DEFAULT KEY IS Q] && timeout /t 2 /nobreak
    3⤵
    PID:5132
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5400
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:6080
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe

Filesize
957KB

MD5
8bc086a1ce0b394de31cd415a3cd0e87

SHA1
620fbfc0fce8067a9af12c0e3267f8c17c658d6a

SHA256
05fcaf6f09b9fe4b85887f75183310d34166a0b854ca0907b497808be7b8f87d

SHA512
0f989b2584fdbfde2ea01dd0ac7ff7c51da0063ab01c57053ddf15547ba7187f2795d5013beff558431fe0db0a1a0af991dbc4af455cd86ba7d4676366104237

Download Submit
C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Program Files\AutoHotkey\UX\WindowSpy.ahk

Filesize
7KB

MD5
e2067d978526b83a1da967f16a69c125

SHA1
08000fb66e6f1b1fcd450f32e1757a39b3a7ba16

SHA256
040404a4def02f17cdafda938f5b63fc2181940ba1290da5742db0862c07166e

SHA512
a453669b15c18f24a989a57441f961861578c09c145a4364c982410e5e05ab09b05ad4a77929ccf4ab9e00e5e3d73029a13660156bf4eef9011accfd59800ea0

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk

Filesize
10KB

MD5
65d05ec61cca0547e218655e65e5ea7c

SHA1
1cf93558bb9f1ae5a055b3f9085bf4166b7f43dd

SHA256
a9a824a763195e5810bf904854af7ed41c025527b2b8faa7532c6f24189d69b9

SHA512
65172fa0f9148106e44fde99e0bcad173c4eef405a19b1f54961f2a248f6e6b0a05568d728e83d6582113d0d12a5e87ce763c53271c4d52b9362b19e22ea7d23

Download Submit
C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Program Files\AutoHotkey\UX\inc\README.txt

Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Program Files\AutoHotkey\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify.ahk

Filesize
1KB

MD5
3e5c97e6c3a76686329c81fba864b26b

SHA1
ec111d01a5299de2ca93c5441e92bb49d9d5e710

SHA256
f5b97911887c303b6859de44eff73780309e31e931dcba86a66aaafbe932af72

SHA512
c70ba459abb2c35edfd62dfbe6efb9c54d5341802a72ac7d6b3b63877f28a97a974b96b6de747e29909550d6ba2c5d14da40bef6d91841c5c8c5a903697307c7

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
f27f09d324016bd49d2da38901e79a61

SHA1
f2af4ea1ca36dc4ed53ba3a5817b83d457c9029c

SHA256
c2563ab626df892398083404acecc5229300ba7dc6077b120844c65facfad854

SHA512
1dd5a6ddf87a3026f5b2d468197173af0c4e6c2eeab64113bcd2bbd56be46089e546f694fea2416aadc9c2669070b29ef26ec689dfbe73def8af6fd0de310d04

Download Submit
C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
696750c1861231d07ff4548ad4360dc8

SHA1
eb4b90b17aadf7b1ccdc484840b5500494c4a787

SHA256
f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

SHA512
5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

Download Submit
C:\Program Files\AutoHotkey\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Program Files\AutoHotkey\UX\install-version.ahk

Filesize
4KB

MD5
30b87fbfadc592c38be9d82edf597fa3

SHA1
1ff5d720858a38bdd2e21a5a492938c07b2811a5

SHA256
1e59921bcddb3c41651eb01605cdefcdee3c6adec5db6b7cafb7ab801ead5e1e

SHA512
79a407cad251f45d13c0505cdf7e27a281455e3eefe1f7fc5aedd658297351ac7dbbce21065a29ed9d86c6b908a175cd83201e0d60e972865e6258c2f8c145a7

Download Submit
C:\Program Files\AutoHotkey\UX\install.ahk

Filesize
39KB

MD5
817e7747dcff942d2f1e65cec536cbf5

SHA1
1d1c54d79138b0266d349518fa15b9beb323621b

SHA256
25e530f9cadf91f63eeb04c99993355bbf79074a7559dce817a515e177f32328

SHA512
a77be0d30e848d5364a7ddcbcff563649c06fac546c27471a0fa35bf60286f2d3520033df87e97f6d4efd2090e84ded0fc0ca0aa1a87cb41d7f361ad833c406e

Download Submit
C:\Program Files\AutoHotkey\UX\launcher.ahk

Filesize
17KB

MD5
596b69069bbbcc9a22ac26bba6efe546

SHA1
694cec54200ff1ec70dc56320c577b652884b53d

SHA256
830db4be4c8320f23ff32316dac933d4e72d9056ea5a819cc12c38614da6e06f

SHA512
1c18acf4403915c6a2562f5e26c0ed7c4fc00e9d67d19622d1db8bb9338ff6d6e8bf9abe7317f1b529ef1c24901b45c3b13dc3b734d97582c91b206bee9aa8f8

Download Submit
C:\Program Files\AutoHotkey\UX\reload-v1.ahk

Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Program Files\AutoHotkey\UX\reset-assoc.ahk

Filesize
2KB

MD5
0299132478b49e3eb706c214bf32e62f

SHA1
9705c410b9f515269c512c64129ced8e0b1b23d2

SHA256
d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

SHA512
2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

Download Submit
C:\Program Files\AutoHotkey\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Program Files\AutoHotkey\UX\ui-editor.ahk

Filesize
8KB

MD5
82eb574294ff4e2e7461b95f5bad0a87

SHA1
a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

SHA256
7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

SHA512
1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

Download Submit
C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk

Filesize
8KB

MD5
852bf007a6ddd80a2e5c9d82d874cf45

SHA1
6f293ec5b59645f795e4feb3f02c026b62ed428e

SHA256
c91e18a25069e7b501d2d0e1c8fc23b78cb962d93469cd0b2ea7e24cdf181dc1

SHA512
95f2e6bbeb9138125ab337d6ba047b824ffa527a5f2403c12bbc4ee4a4e73b516d963e09c81d453bcafb01bd396d991da8d36d8a91707e557ecc61c1ba9ea91d

Download Submit
C:\Program Files\AutoHotkey\UX\ui-newscript.ahk

Filesize
10KB

MD5
1b88198b4bd36eb25e23dc412321a555

SHA1
d3b5670d1bc7343ae40ad087bc22309dc17e118a

SHA256
31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

SHA512
409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

Download Submit
C:\Program Files\AutoHotkey\UX\ui-setup.ahk

Filesize
7KB

MD5
dd3f9c2f9115689f4350896752f15926

SHA1
fa19f1632b865b2bc098611a8be66e9f10dc692b

SHA256
68b114a2ea4af9df54709a78ec5991a1f271097b29cb93757403fdb158746bc7

SHA512
12f34d5ec7a7d5452eef97e4c87093240050756c564140874d316d0b9d194c961debe139badc943b024b680b68961ef6cbe71fc1a567c6622797f90ed51fa549

Download Submit
C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk

Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Program Files\AutoHotkey\license.txt

Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey.chm

Filesize
1.9MB

MD5
e42714518b26bc65d26b813e182f90cd

SHA1
1d739f1071e4a087234a8b73c32786baecf815e5

SHA256
10fdfce6830404381a0c9be77f7c149760fd0ade8dd65571fffeb6c8c5008553

SHA512
195e4277e006dc326f0bda15eec2b190440d6937120dd1aac99c80cccf85adc8a4f2c21381eb65d5ef24cc0c6c438973d9d30e6da6ea22b7afcc7e46002cb980

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
825448610a8213a8408578df2361d5eb

SHA1
f43875855e4f02010ad6c755067b813d0fcbe68a

SHA256
37ff15a23a98f0a658298e21f1873ca896a05208810bf796f90ca212ee07c7b1

SHA512
7556143128878b2e765309db8b35cc8206d325c0c17c37b191600bd8f719a923b0f917f4c53f0946ed2d12136a9e42774246595eed78f1038779fdcbd3736eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
d59da5cc20db95467e6eb127ed04a283

SHA1
a9edae49e83dfc74ea3fcc4b5861749d7a385265

SHA256
d6473e7a0c2606794dddfb1eb6ad194f0cf1e0ee766000807028fd668c9e6982

SHA512
8084f0f4f962116e9a6fad204cb813c1f758f9c2f39351a92c5053589d6139040e96777ce6d0864a65ac443be910780bb662e3564f51d656474bcece739a03fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
97c0f76814135e610d85c85648071a3e

SHA1
f98c09cbd4a8b957550cd77ff272ac17df8d1c99

SHA256
68d21e1ccb001b0b09d0e57e5b7626ec5da79c7173a0c8a3f7cc50703581260a

SHA512
f65a977f90681da1a35878896ded7d28d8f21e307eabd62fe7d7182d015cd96638993dc9f78ad117bddbfd8e7810730a1ea29ac98b1b22681a0e9f6f302b2e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
b576e72582ddc61a646a7a609e83829b

SHA1
970741b761ad877190aadd1a02b66fdf545e6b31

SHA256
6ac86953eded715e79b09ef0fd09874a0be5a133eb46eef213f6442d09e00a26

SHA512
075f5e1813abd9f336c06f95c99a4bdc8d962c266eb71fc5d3f3d48eca7e547ce604f8365787b38a61ada6979a3787fe4c775f2002090a83b3d6a50ffdbfd2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
53d7d0bab45456470a694e9780e07593

SHA1
f95ff6b5a6fe75ac6c1679302a3f6857e10221b6

SHA256
2d142346316b4952f5a2b3e61d0056660fecd43ccd3c69bf1f96de684009bca2

SHA512
bd08712c6cd86029093936baf7a2345733d962075bab46225fb30a5eed03f6a91ba4c340d4bd371a4d71c178425f09b423e29dbf3d7b9573b804b6c2875134ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f4f74b4fc01209e96a69d78401a94b6a

SHA1
13330e9b6c960c75800793f41ed99c7d4a9973a1

SHA256
a8935c7e98a352451f0a154524922ab18fc3935fd6233e007a22444440428ad2

SHA512
4e61844e2b9f554003c598601bbcd0219e9192a15217497df8fa3be188217bc1f4b5d1c7e9081fedfbddd4e0ea8e66454edbf981ec9bb975b4969709eecabc60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
d088164003c7dfc4e097c14e2bc55b51

SHA1
f71b926c33eecccebeb9a6283ed6ff1e5433cd1a

SHA256
c62569d05c24395116bbf7c71407bd2ea12ab7e18e40caa53bf108953fd10021

SHA512
f00fac8f320f8d86c7d69ae8e9add37d51a61ff0c5796acad9330ca24405c9fabc31f1e7b422463d47873988218d151454c37880c58f934b7870af4010f2cd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
557eabcb0230380a6d67d56908c7c830

SHA1
7d589b7c182d7124907b21098982d68461ce5094

SHA256
9f7005029bb91af6b98f9de3b475127e7269ad4b14db3682de132fdd06653eac

SHA512
ae2ae56f38446210bb1c33810dc96de594ebb689189d2c5096d49c591ab36e0b7db071dffd61c1f6d77b340e8022449a4fad0db2de49aa136cf9ac5e01872207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a80d18953a46b82ca6c1262e7611b75d

SHA1
0be87d1790c0c47a7dec2fae383e13bbd6bc933f

SHA256
b7d8ccea39cc7fb0938b019588983ad16a954053f6f40fa99e6da675d517efa8

SHA512
9637c4569c16b2bcd8e43096ef44e38b3444b1652a96a7b91def46f941129ff7ed70292a153fe9b4a534f57b1e4d3e2ce40d7959ea01dc2987dd39907e110a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b346a5c48362541db237a160c582cc69

SHA1
9b020e5c6ac4f44c2fc9659e11c045ed3eaa22c9

SHA256
0cfb9330d9f136a7d877e70d606916e2b6b2c9b08ee6ed19364ff5c818efdc0f

SHA512
b276d71f8a02a61ec325f16d2d75a623bcd3330a67d30f21faffbdb1b372b31cd33b497bcedc7aa9e5b59e8dc4b9329f3c028a8b154f3301bd0f200ff561b50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40992016a3b8307efb736cb820381185

SHA1
eaf7ab9cbf6f889e4c3185b9323db355b1af4c58

SHA256
515bad5996bbef872c104dc58f8901a9bc492653a92c3c0557c97217e8555e07

SHA512
b9850cf2766cdd74e86b04a3ca4d530a1677dc2b0ecdca6710cb062091dd0d05c990eebd7f2abed68aaae806f88efc07d75aab055fca96d7a6d63f1c4fbf8f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52eb114cdf392ee8b2016787910a90f0

SHA1
d5fd66e3002be73bc3148974d9542fbd56092ea3

SHA256
b464f64052ebd778231a90c9c28ba01ec1d7fd1f92a385dffe315bcb09140ef1

SHA512
ab2cf0a58d58737ec15c137c4781a8d8a1f204ae55e0a62b769a94ce1ec1eefd0056e496140ee6fb3c12caddefc0a4e2fe2b96d001d767a64f0f727577c18807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48a8b01cf4dd88dc39855fd96907792c

SHA1
6204213f4e19e1117e977fe5008fbfa0ec97d38d

SHA256
89cb48888452e342512c264504d246ad926d7a4d6f816487b0d92a19968ef9eb

SHA512
0935213bf2674d10127a56f346de101c672eabcd66ac72dcc279f6bfbef69d99163b1b88017441a8ce7770be5a11e05827e9a3b8dc0a49522ca77c1e2a1a4d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a8f84fc0-5891-4c15-82b4-75086ff35c3c.tmp

Filesize
262KB

MD5
be69f22eb049c17c0e123d33ea0c8d5d

SHA1
b70fcf18625b7458171116e73caa8516e2c317cb

SHA256
6cf5287e76560cf3217e1240f4039c9f90e9fd29696a62196b76123ea09ca09e

SHA512
67a5ca3117c9b313ec2fdd053f4f26879523748010cea3ccc66a2ca71b365de70b8df6c23396d3df00a9f19cc9cb6508d2f94ac40f7337173e88431b6bf7fea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\AutoHotkey_1.1.37.02.zip

Filesize
5.1MB

MD5
20a979f8c1f21b304fda42139c5ef2b5

SHA1
fad2885d3e9a65c0ef89ecb62e277a9c1f4cf652

SHA256
6f3663f7cdd25063c8c8728f5d9b07813ced8780522fd1f124ba539e2854215f

SHA512
d04aef8e9688bbc724cc64e34c16b6a059f2a11570f867e50bf158fde6f4490ff80aa84d13454db5325848ff85b39d42d29c9d03fef94ad94a763cd7343b1f28

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\v1.1.37.02\AutoHotkeyA32.exe

Filesize
775KB

MD5
fd94b77958305a1ac3eeac27ee765256

SHA1
bdf7f5633cd529186c7c9c87c120a58c35515d2e

SHA256
6a98b438b67da7316e9251eb1a92cd5384a8349d239a77903f7282fa076a77c3

SHA512
1e97ddbe9374513ec9a1f51313efb3621f81a309bf78982688b4c19aa389f0b422a604d8adcd84dc1ba28f44135d30edde06e32705fe02762e92cf2bbc725a91

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\v1.1.37.02\Compiler\Ahk2Exe.exe

Filesize
972KB

MD5
78515b1091f74c0f828aed92d3c972b0

SHA1
0103e030518db102631310ce4e2eb7673d7a1994

SHA256
754a28ed76a7b4eba7909b146cfc4c4c2aa43aff54e10a5cd6dbc939c0732b6a

SHA512
8edcfe6a59d56d69f0fb7672410fcb24fa0722a5d651f076a3b76a424140e162a213fb038c995ae9c2024929c88aa1fbd979694a485163c2d3f8ca3be75502a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\v1.1.37.02\Installer.ahk

Filesize
65KB

MD5
015d8f0a9ba93e41f418b8db8bef6a10

SHA1
06d35e419dc82f91d123f129b88ff46511d1cf2b

SHA256
ef88ba74aef53793937ddfaaca4908772fbaf2e7c9bfb5fdeb3c0a6b95755cd0

SHA512
cd034768b35fdb96251563cb87cddbfa63c55bfb798aa8ec6fdd9faa6b0155d6b42bc30ace6fe9034aac45ba3abc434613df2cb0e07a4b1b0bf0ed8ebb2e71d7

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\v1.1.37.02\Template.ahk

Filesize
324B

MD5
a85eeb1dc6f9a33897c407b4240dc20f

SHA1
be409c1ba630f2f11ab31e5f42c8a90ab49e8d8c

SHA256
23e5115a25e2d539057443b0f0e9740b9ae85d7de0da204f1d739c9b2e206058

SHA512
9ecaf71105745739d79207313bc837ecb9fe63cd1cb66e75808e615dc58f5d931f9744fbb04c74085a8cb03142ce43611af7763e8b21e4821a32a58b0d64f77a

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\.staging\v1.1.37.02\WindowSpy.ahk

Filesize
5KB

MD5
32020e55548b1e9e7ce22899617d5cd2

SHA1
6aaeb5009dfae698449449e560feda2257187fd0

SHA256
4688629be394986c8dbe6517032429e6e8cdd9f5801ddb1ac1f53e6fe86eee7b

SHA512
12b5ec622a7f5d3b07d7db821002e4d7886095be0274509d721040812bcf01348daa6a6c9db485d6ac6b58f9684443db0a31963433a33cd3e8a3c7c2e3119475

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\installed-files.csv

Filesize
3KB

MD5
9884c97eea4c653754ccb1c745ca1116

SHA1
000b9faf3291ae304952ddd81b834314ad61cbf3

SHA256
f4a7bf7486c7c1a980a834af9861d54d783991bab08cf72fac007059915799a1

SHA512
80f40a85668360547451bb3107616d5588182eb1a18433178961bbfe0bb6797147ff4f6d830b1db48bb306b1b6b3b7d3c51d859a31f665872ceeda908c3d6008

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\UX\installed-files.csv

Filesize
2KB

MD5
19e962df6166e43e00adfc3be9216efa

SHA1
7e68177170bb6aacc58890afe22624953b4495bd

SHA256
27ceb28a311cd5a73fdb48ce05111b05f649b664051f98f20287f8594cc0b520

SHA512
7dea592254fb6045a8d4ffde5d85a4d77dbd674807e3bd6ccf4d657891093d81f7359d5cbd32cdade121f1e68bd65fa6430cba57debdeffc244ba75e69b96ee1

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\WindowSpy.ahk

Filesize
159B

MD5
e5918a52b52ca3ce2e99788a26477984

SHA1
87c2b54b65663e1e29e866224faeed7e8bac759b

SHA256
c1908cfc4b224b3bc8d1a5c67cfe4acdb4e738d8acf98560905afc412981c18b

SHA512
4f320cbea5adfed4b07012e04281e8713689271932b26d3886e3519389b15e2adadb87217c5bf09b080d3db976c77accf555493b7eab5ceb45bc59131772f8e6

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\ANSI 32-bit.bin

Filesize
704KB

MD5
31ed560d3edc5f1eea515c4358b90406

SHA1
36efc45f806ee021ef972dc80932f13f532d9ccd

SHA256
f5a5c05bf0fedcc451ade5676a5647e828a6f08cf6c21970e6c035f4311b5a3c

SHA512
cb410bad3297493b68e51677b920a808393a30096eefd1cb2c7cf07c8432c78658e803099841be8167eff3f42475b765992da7c11a31e39108ba49010b07ba6f

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkey.chm

Filesize
1.9MB

MD5
17d5e275dbc8278d888f7da1d681d7e3

SHA1
245cd35e6caa42fdd3936d2122c7464c877d6591

SHA256
de37a93068ca25701b3413eab0f01fa1646d2dab0346d78494192e95d94ad521

SHA512
041420c5fcba5d2fa5e2d549319948eb77b416cb32ce848218b2681f3bdb5a7ab50d795cfdabd068330f6a4f16812ae91564d654a958b0f0bb188d11890c4ad2

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkey.chm

Filesize
1.9MB

MD5
80fca5f8cf227a13a72b62c150e9d831

SHA1
d04d9a98f72728c102f463ed6a3cc0cb0913a918

SHA256
a183c2f8cb8aefffd171ee3ecb436859d5a89a59b3b740183c319b0341dcc893

SHA512
239c1374d68431a43be81fc359ffd3f1ab2dd8f8a3ca42b8b1d66657d3716f5a982aeb05e2ce768110ee25de8361660f45f1b9b271cf7f727d40951016aecbb9

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkeyU32.exe

Filesize
893KB

MD5
b6af97aa32c636c3c4e87bb768a3ceb7

SHA1
83054af67df43ae70c7f8ac6e8a499d9c9dd82ec

SHA256
ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7

SHA512
54d2e806503f8a4145ee1519fc5e93cef6bf352cf20042569466f6c402b0a402bce99066decd7729c415cd57da7a9923a1b65926b242672731fe2f9709cf6920

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\AutoHotkeyU64.exe

Filesize
1.3MB

MD5
2d0600fe2b1b3bdc45d833ca32a37fdb

SHA1
e9a7411bfef54050de3b485833556f84cabd6e41

SHA256
effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696

SHA512
9891cd6d2140c3a5c20d5c2d6600f3655df437b99b09ae0f9daf1983190dc73385cc87f02508997bb696ac921eee43fccdf1dc210cc602938807bdb062ce1703

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\Unicode 32-bit.bin

Filesize
822KB

MD5
db213c2dc5d0f542a1e925f09c021e05

SHA1
41bebccc1dd9c44c4407892daa3d3fe44c2216d7

SHA256
2d193510b56fbdb8530f8ded2f1c9fb982df971dca5fad1f24f558be16a4f804

SHA512
dd0977a599359f577c5a52d0f86092a12488f291613a0d4812fca64e0553c4d61501d5213e7afd1a62c62da8470e4453f8d1ea2bbea0be74ab223bd4b47e97cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\Unicode 64-bit.bin

Filesize
1.2MB

MD5
30da2df436169d6f09732e61d8849a05

SHA1
25694362dfa391caf55733772ca61a95978d507c

SHA256
6e7c9ae1daabdb958a4d9c8e7297ba956c9504b5f76ce61fc31281f5bb0b0b55

SHA512
134b616b01a18f9451cbfd947d6dfcba21a31615a5cb513a29c6e5f77d8bb2776e868a215f7f533b1bac6a82536cd8838db7b1f69025735cbacf94afce158066

Download Submit
C:\Users\Admin\AppData\Local\Programs\AutoHotkey\v1.1.37.02\Unicode 64-bit.bin

Filesize
640KB

MD5
48c0fa75d85ad67d2e3f6c25781aebee

SHA1
f0b44f54a163e70242751cd2303a29bca6d34f91

SHA256
c4ef074e7243fb2b50b6440bd522974270c380b7149dc3c05133dd6ec472864f

SHA512
c4b101a3105afbbf594f434eb686a0001da00500c9b1f4e3db0226f972d52681d506cc415c16d75e6c507f0faa109a869f2dc319d9a850826990f23d25e52f2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahk2Exe.lnk

Filesize
1KB

MD5
7837a7713da365e8148085c5c06736d9

SHA1
56069326da192464b8ee036425d91c33e90882d6

SHA256
431f532551319f1663234dd199b22b775072e253221b82f7eb30977d2a07f2fa

SHA512
b74eb4acaab0d9089f9a12dfc63a4bfa7e26dcca89bc214c4721c697376d2e003352469f7bc13eed302feb921c258adfc06b9433810c660e16f23c6c06ac65c1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

Filesize
1KB

MD5
43b77df8496d6398358d25e801e5e440

SHA1
65eee963f07930a4ef779fa2a399d52ddddd0b40

SHA256
b140cc7ed8509fc67c0b201726e1f9cfbe88f447de4dfd3d8b38964b3cb25bf1

SHA512
0880af1c0a016ffd3ff8bffef7fd39661d57ea10eaa40f663ffd6a68abca2cd92f26c9b5b1782426532a657be324f75dfa675859669cd34c5d02f15a5fcd17bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

Filesize
2KB

MD5
96d624c418425a837a9074fe0753669c

SHA1
99a11948e48055cf50e02d053078b3155833528b

SHA256
ac25dce05e5f5a24a0d96c7557c982207e150f49a9d32f6e3d89f5fe10741a22

SHA512
6607332dfd32250a9ca8f2f55dccd5bfedb8754a9b6c78eb778d6d948f9b23beff506e60301efa54ffbf4473e33eaf468cbfd54391b54386d6bb8fd078f0d75d

Download Submit
C:\Users\Admin\Desktop\Release.rar\Release.ahk

Filesize
2KB

MD5
09dad225e7c7317dbaac56d81e5c126b

SHA1
c023f3c32f4843bb185a4809f49ef966c94a7710

SHA256
ab394db682a8f2e6987a7f64a890ac53d7354ddab2ff2a84aa148d8b5fc627a4

SHA512
2ab5a42a06d1c617c7553ac077a79c498c0790266571ac4d8f70e9b58a3ea94aeaddc6d9de802707529e6bd911bdd451b447fabe330d0935d69dae2fe8a9d45c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 437742.crdownload

Filesize
2.9MB

MD5
2cdbe2b76a36b976e9980fb4733f1052

SHA1
64bbb4dbeed8639b272a73c2cad0f9155f42115d

SHA256
4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26

SHA512
cec27f241f62d49c639cffdd7be4e56c49de3bdeabbdb7337b24a054361ae3412e72e48e182a7c18b76b611f605365cc02e4b0d1cdca201cb356e38b6fd78330

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1960-187-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/1960-207-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/3084-395-0x0000000004BA0000-0x0000000004CA0000-memory.dmp

Filesize
1024KB

Download
memory/3084-396-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/3084-441-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/3084-204-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/5900-454-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download
memory/6084-800-0x0000000000400000-0x0000000000944000-memory.dmp

Filesize
5.3MB

Download