hxxps://sourceforge[.]net/projects/autokeyboardpresser/files/latest/download

Resubmissions

16/06/2024, 13:34

240616-qt7b5aveqd 8

16/06/2024, 13:33

240616-qtlqesvenc 1

16/06/2024, 13:30

240616-qrxpxavejg 8

16/06/2024, 13:27

240616-qqbfaavdlf 8

Analysis

max time kernel
300s
max time network
285s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sourceforge.net/projects/autokeyboardpresser/files/latest/download

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
1444	Autosofted_Auto_Keyboard_Presser_1.9.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000200000002aa73-126.dat	autoit_exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1560405787-796225086-678739705-1000\{6476AAA2-E9BF-4A75-84F3-96D82ADC371E}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 694886.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
2120	msedge.exe
2120	msedge.exe
3120	msedge.exe
3120	msedge.exe
4960	identity_helper.exe
4960	identity_helper.exe
4984	msedge.exe
4984	msedge.exe
1444	Autosofted_Auto_Keyboard_Presser_1.9.exe
1444	Autosofted_Auto_Keyboard_Presser_1.9.exe
1972	msedge.exe
1972	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
1444	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe
3480	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3400	2120	msedge.exe	80
PID 2120 wrote to memory of 3400	2120	msedge.exe	80
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4268	2120	msedge.exe	81
PID 2120 wrote to memory of 4504	2120	msedge.exe	82
PID 2120 wrote to memory of 4504	2120	msedge.exe	82
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83
PID 2120 wrote to memory of 1592	2120	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sourceforge.net/projects/autokeyboardpresser/files/latest/download
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed8d93cb8,0x7ffed8d93cc8,0x7ffed8d93cd8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4600
- C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe
  "C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3480
- - C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe
    C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4941332871984063361,8170701191698935659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Autosofted License.txt

Filesize
42B

MD5
40dc555093acb3be2e0d582acb89215f

SHA1
38733e2af7cce34cd498684f94471d1eec0064b3

SHA256
49e57490269ac15161c504176cb0b49cc7807384830794c3dd422a392fc3f6d5

SHA512
95dc5705a13a0e87f3500d1b96aabcf87a9bced836526015525037651a517d3364c48f9a9648615d19fbf0d1f0edbd5425473cb2b9e5ca406fed9568bd0839b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f717f56b5d8e2e057c440a5a81043662

SHA1
0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

SHA256
4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

SHA512
61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
196eaa9f7a574c29bd419f9d8c2d9349

SHA1
19982d15d1e2688903b0a3e53a8517ab537b68ed

SHA256
df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

SHA512
e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\914aaace-0088-48a4-acee-e89f98d764df.tmp

Filesize
7KB

MD5
d4de24f4a70f592f90825af38a796b1b

SHA1
0312a42db9a2c21ece9f27b4a16bef6bf5ff877c

SHA256
e4f17dee21f0e1dd212330ccc1e2209e23bfb72021d3954e583612edd677f93f

SHA512
6d6bc80c8f03801880e19c6087ce7b4ca8e3f2ee43d99fc314d219c43dfa59016355a2287794e823069349d4c5bfe0259377ebcfa4ff75af772b3d3540d17a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
2e455d20330392f471bb82f94b4db358

SHA1
e976382a389bae4302cc713b4695e76f43332298

SHA256
62fd9333d870b1fde2e0f9aa333b93ccd988abbe578539f15915c22333268959

SHA512
ab752249dd5ae07a2df290aa8388c411da1b700af3e5b9ccbef104ec2830435229534629753a26406638c0198802bd3348041af76beb5424a951d8500fd8f31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
91KB

MD5
f28973509eab060bcdf452c513e9376f

SHA1
52c5fbf886cf8d0b877e058fdb224883df1582b2

SHA256
f6d75d33e049e04a8ec08659202e07a7dd1886ac36622aed36c3c70f3dffb1ad

SHA512
955fee710fe7de08c9b7538358a1a8304c7a3577a2b89401a0b6bee566a75b1ce96efb77404d4938077e635e107ddea1355e593206782de4588e11329e97a54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
7c66a748536ccbaa689d89dd713c015c

SHA1
51a9ddb74877310f353f3a583b6588758ba32717

SHA256
35a1960d8ac7356e4a2678f813d2be7446568c9e80d62744e1464b65e4f9537b

SHA512
0a6e5b76541cdd8a9ef94eee4d78d6bfa8edc496fee4ca1d9e7dded1a6213c46bd07de505040152eb09576ad8b966242ff347a774103fecd14b961d2f9e9b831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
30KB

MD5
573a239973a95bec1903ead3b1d78ba0

SHA1
25d5e3b74c4b429f24b09a51c96d9fbe0ed61013

SHA256
10376487099599f9c75843177d6822f70b6a49fcf2bff1e9581589fd4d0cf8e4

SHA512
23f8d7e8b90a65c4111e30d8c6a7a6ce4f47c299aa39a570bca65570ee5551cf3642182e6c5f3e0910c0521dc90c15c1b29a4abe31e76a6aa2a54fe6c521d2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
143KB

MD5
3fccc4bc9a9369d3725e5e6f6b3384cc

SHA1
01652d2ecdba50ea130ad57417256c74e89f8165

SHA256
e338c50cac6c323b0dc576228b09f550c4d1d4345ee9259668d4f91133dc0228

SHA512
1afa0092b7f794ae9d6dc1108f13f239863607f39dcccfa0b6af3812f0a2352f5240ef1e0004faf65755c20379da9f7cb5c5a08f96a289ed8bf172a45fbf7b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
4b2026d30018fb08216cad5165da2a9e

SHA1
c689f4dcfcaf371494da6384254698ba3a1466f1

SHA256
64bb69d41b5874df1ee2f5695056990120355a7cc124ddfe577574574657de5c

SHA512
f73986bc249a29d32fb601a286420868819850901495f3521af993f7733fc2f9ce7069d7d963c5407e13358416a905f8e56558729e6500761c7671c45a051936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
be676a6820a16101eed8dfe9bc39211d

SHA1
84a68584fffc1863f604984161abefe9ddd727c0

SHA256
49e7c48f632a33abfebbf881e504a833abc8b5cf87d7be4dfa9b5b3cc86749ae

SHA512
3ef3fa135bd1ea25660d9b3e3cd0995d1f542d608302e99bacc22640cc7045700391f001f5ba43c4bf89597b8058d533282e92f934b6bfb746c9f2940b96af32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
69KB

MD5
2c5d4af27f0e230c62198ade697d92d9

SHA1
325d8f28b44c70726baa862fbb4ede8180589eb8

SHA256
ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978

SHA512
ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
41KB

MD5
3c5aac3450b3eaa0f417971ecaee7b69

SHA1
b3af55759f53c11420de104f5398f75e4610cf9d

SHA256
5a62b6653dff9c9f5b183c5010455b6c4c30750c0ad75af829d5b767d0a02562

SHA512
7eeeae645b45250d6b32454c052abd0cbff37fbc78b92006ec74a5d82d4c908f9bb9e873e9c1b2aaeb499c5639ffdc88a5ea550c5ab1064afdd09147d365fb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1.2MB

MD5
865ead1b179462b4277899837d587e1c

SHA1
82cae0600e604ea55f4db04deb8dfbffcc15fe64

SHA256
c54c21973676eea02f5cdcb6c9fab7b9af1dc51a3fcd63e499672c0d67854ace

SHA512
5384affc7d2115020a2136d33cbe21041b4629855c17f31de9561fbc6733771b71dfe904b93a355f19b329c454e6dd708956a3e6be5db5da652d76b090675f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
864B

MD5
0bd1dd19c0c94697c8ba74f297add298

SHA1
7af1da8b5476c4e685476ce290c85cf869b98a96

SHA256
7360c04ac6cadf5403164a529e43b9c5ce232537925c16ce75c68c39a8535fb5

SHA512
3814e69fc9086d3b406c900da48e39c30a5406e9bd6567ad190b965d12d09fa6b1199ff30ed0460caf3f749b4e54f33a747c3099021549ca75b0ff07b9c7ad2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
2637e459947ebaa60e8c9d5823d9b30a

SHA1
4176e959de1abd7b75266175e0215be3399a75a7

SHA256
439e8f2c6cf93f5b9cebf8c4a30d36107d14b887992128395abe3878a8197ea7

SHA512
ca80d9e8f4b1dcf90f3d818a610dec4504f892c269d28c54829172c467ae58121a1c26d5659cd8cebe7f2a43525cba0426672e7247678a62e6e90064c1b0dca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c7b1513462b683b099830d80c2f421f7

SHA1
185899895bd72b09d21109221db307a1d81f8d57

SHA256
d6700684fd618119fac919e76a9883ac08d5a9fb75987ec510b3ef45be49e118

SHA512
10c9651954b45e5eb54e57c5eb02743676c81942f59899a1417cfcc677de14696b7ec1c293dd437ca38fd44d0c41577e0c2368b27dd5f24e54d757d770cbf1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
39f95a4d9655b1ee4ec3f3b01ee625c9

SHA1
fce91907854f6e7bc8787fc1c1843f482dc86c0d

SHA256
830b7be7c6850479834861ed12e310fde63619d6e8ba759bd7bc5e8b335c2e7e

SHA512
ef63ec3436f9fd4d9e8fac36f35a273dee0d7a0fa20d89ba106870d32aa8628ea03f16c7aece26212f286c5f8ba6aba47b19f4db56140767fe86b33f77b0bab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d5b1dbbd43a2bc8141ccff11a65a4041

SHA1
530ae41c680c8e18e3dfb2224a6c9dcefabc87b1

SHA256
92f4ae38f936727823253bba215747b9e88fe51f4f88ae91d25bce4624575a2b

SHA512
e9bb15e44b7b57fe4e2ea49a5f08e440f243e2b91ac96f10936f55105e593e76fbda5bb40da55068d3f5423be70c016a41f370cc1c5ece7d7ee2c48852c9009a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2e1974e0850e8742eb7a8c65e5221703

SHA1
f948642dc64c712146fd6f2de6ef2d762cbffb50

SHA256
fe4d656db79270a8c0c942a5708b75486b231e1b7286b2b9f3367a91a5e5efa5

SHA512
f047cf66384eae92c14b2904de5351f0fcdf645993a7bc01d3ee16d905b16e9a7f7f9f6b1b20fab19786279ce1c1e7d8d28804a7f847cc8fbc8fa611c100e421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f3416fe12f308529ae70781df163fe64

SHA1
a1c4392092a7dbab61ce8ff39d43c57109ee5683

SHA256
480f880cf25a966bf926c8d41e4206bbe8188c38e47bd054c10c3ebde8ecc6fb

SHA512
6418cd60f619df225e35c97a55337051d6e2302e9722051301f03bab63fdefd9dc364b8188741257c12395bf1d460ee2274100f9bccc81b0bd0242f9dda1878a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c57505f28043d03d9042cec8751206e

SHA1
4bcf08c978ebb750297b352b069ee2585665f468

SHA256
4de218ad8902edc208d8695a7144316b71a2ee332b96166755ce5696922708bb

SHA512
0401bcb032ce6738a67d6b6208661dfc37e1beb2d1952f2736d81d224d611a4f173261872e24755348a27f747ed34f3ef672112ae162390323e4a962bd354e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca33a05f54e379542c9d82c142f2a007

SHA1
f66b1b68e65ad5d13279359765e4a2a696251a01

SHA256
7fcf04c927eaf4849939e25609f1c0ffd439c57a9c6ded5bb076625a08653270

SHA512
63f24b183dbd3f44fedbe9738b9ed1045b42f1e0a9c5a709af548a6bb901cfc05de2a90b51e52c3a850ca867f107e0f2848e4f8e9f0d1cf6b6f511962d62de11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5bbf1beb6b840e4f98264ea757664b6

SHA1
4dbc9c032fb6fed955f5ef4eb6cc5abc689bab3b

SHA256
ff43433fdfb441d4c66e2d8dea739d8c8a26be8dd769ecd34b4397d2a38cc287

SHA512
ad3b89be598770ea48ea88e56f7c4c6a2b91dbba1f17bd0d3d3de19f9011b2a3f4169cffbc7dc0f0e6eb05b6d580fc1fcf6f2bd7193c275e1195c0d390f0b3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d54eaa918dbc7d8f579e03cb1b3c269

SHA1
4a1808dcb0818f11366e354a3ea5536ca0675061

SHA256
b97d0364db4f4ff6d9c4abacdb8aa17688367c002966a87e2d41eb5b4d0c9427

SHA512
5e6a76211b4d610136a4bf79f0f3bc1e50e1499ec8542421af2289e3650ea117fff4cb52fab13df1f443a7dd8ee42eb6dd65b754c678c4c71af8a6360c15a8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
c6823930d3fdb5bed8c670c53f363e05

SHA1
8a336e759fa0877f21bf88386e40a6deb67fbc7f

SHA256
e9d289d362712b3d3a2dfc6f44d89b4133605824de6ecea60da54c29663d1e9b

SHA512
67a4b403183dabfab682235e8b31800d8c1521b87afd9dc6fbc5b34a8e4ca1496c326eee3ae0d32bc50e0b9d4056f705d174b2c7ce3881ee6e524ad94a517cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
28a132e6eafd32022e2d1a9c3207f342

SHA1
59a3b8c8230275e80350af34fffbb77052a06da1

SHA256
056f948b9f8753ea055b0af0eb45048b228ac701baa243fa9a8180f699cfc82d

SHA512
fe7fd6c595be315ac5bc8a13bd5dcad33fb3f8189e2bc44d06716bcdacd164fcf28a45401c18b3493be39f16c179e240617aa14fa893207a3decf9f08404763e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3c124c07546b644077d86919d07d8a97

SHA1
d43e57536afdeb994c7c0e9980e77d880d99bbd8

SHA256
33df9cdf497fab692b896c147ccdf59e7025f84443282e483a5ad09b658da37e

SHA512
3bf7d51cedfddfb63a0699ebc5156a2b917b67c0447c656c77bc6e010f79f6ad4bb2ee9f1aa400e98536fb8168f26e3d3cd5a9f8286b0f3e9108e6b204f35c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
248440380539d1a9d241dcbdca7ee6e3

SHA1
6bee062956e76e2581fa9e1e8a23ad5d8af5811d

SHA256
38259e5f7b7f45585934cfd3a44a402353cbad16a36020eb0f8462a0ef764ff5

SHA512
198e54a062507cc1b92a5671419c0cea57bd669f996903ef7b57226a2a24482081f1b7a6d482614eb582cf8cbb7460ed7f0044d00ead0368bf796ef886ec2b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8778201d85c5b7684800cbc31e0b26b9

SHA1
c3d9c4c0ae5746d91fcbd852f11754cb78e7f1b6

SHA256
3f5a77f9bf21ed3b16864314849539fd5f15cf32b673ef4ba00719055ec99ca1

SHA512
7e215e48296474f10cd8ada7afcc1a18478f23b21236a124d572484782428bc3c167ad8af102863ec19e22f5e416a5f3687eb664bb5a9c809444db27c1832a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580318.TMP

Filesize
370B

MD5
b493df1ba26ac8fcc47ada435e40faff

SHA1
6ec23dbcff6a0327157f43155add0b8762627889

SHA256
c61c2da50042556d546272be0e3b284336399590e3e284b403d9eb1284c197de

SHA512
3038640b03a2023ea501a3f4ca34d36dadcd6031e7f26461a1cc73f806fd3d0cd800b0b72e4132fa0ad8794fc5c9a53622743664595d0836dee25c2070ae414f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3884119930ef2c10371c8f8fb7ee03e6

SHA1
8202b054f850036d74d312c94d2175f2a6fad444

SHA256
1247a3424f7c3cae9c407d415a5a92ff76e70043b131bbf34f5fcc3340094d50

SHA512
f6c44aea281ca52e371dee070645181bc5ca8dd664c7f383bb30a799cee9c193bd6bfea2c41a66128e63322255d414066392681261b2cacf7c1afc80f4c90f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55a73b9b7027b9805bef0fb059ca48bc

SHA1
c6db52a5d657931565bc0176d2bc779ee02d0e92

SHA256
b8cfcae8635f48e75f8a07684db05dc7692fa678e6a1b3d0b4d28bcc0f1da943

SHA512
fb86471be0015ea7021b3e804a4cd2916e6d84541d9644f8456abf55f8d6cf592c6e897e1457f13073ea4a8621f10315e52deecaf6b672e3e680924e07a05fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Autosofted Keyboard Presser Config.txt

Filesize
51B

MD5
352d67a4ad8b08a7c7d6c79d9984a2fd

SHA1
87369159c77e26013391534193fc2d6b45f9960c

SHA256
31c6a4f11837167448108e12ec8a34e6328b3b791c1f46218dc0979136035ea2

SHA512
c11a423b4a0535c66c9f5404ae137ff2fd31b98756fd3fbe461b632d630843a72de7aa2ffdc43177b655be5a0a62b8918771ed5e487f2232490292caf71cb71f

Download Submit
C:\Users\Admin\Downloads\Autosofted_Auto_Keyboard_Presser_1.9.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 694886.crdownload

Filesize
1.0MB

MD5
e60e845933d747c615286b762630919a

SHA1
948d219d89dae0a277519978b751cb70991eb577

SHA256
c21996d9bf78dc7172b5eaca6d2dedbb17ef0f86e9b23a6363550183e52778d8

SHA512
7a4210fd3a5e3542057fba5a86735ca69dc80b43cfc38c88d62423c6d297d51d8a150a97acb75af6840862d098168f711fba218124c8271ede5961e1e1e26907

Download Submit