hxxps://www[.]autohotkey[.]com

Resubmissions

29/08/2024, 15:00

240829-sc93sszbpm 8

29/08/2024, 14:56

240829-saz5tazaqm 8

Analysis

max time kernel
171s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.autohotkey.com

Score

8^/10

discovery evasion trojan upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
812	AutoHotkey_1.1.37.02_setup.exe
3376	setup.exe
4384	AutoHotkey_2.0.18_setup.exe
4632	AutoHotkey_2.0.18_setup.exe
4384	AutoHotkeyUX.exe
2204	AutoHotkeyUX.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000023498-226.dat	upx
behavioral1/memory/4384-430-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/4384-433-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/4632-627-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/4632-833-0x0000000000400000-0x000000000094C000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\launcher.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCXE595.tmp	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCXF1BB.tmp	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\Install.cmd	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-dash.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\README.txt	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\spy.ico	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-editor.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\config.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\ShellRun.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-version.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reload-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\launcher.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey64.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-dash.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCXBDC8.tmp	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey32.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\identify.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\identify_regex.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-editor.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-setup.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\HashFile.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\config.ahk	AutoHotkey_2.0.18_setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_2.0.18_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_2.0.18_setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694172142237844"	chrome.exe

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\ = "Run script"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\ShellNew	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\ = "Open runas UIAccess Edit"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /Launch \"%1\" %*"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ = "AutoHotkeyScript"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\ = "Run with UI access"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\DefaultIcon\ = "C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe,1"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\PersistentHandler\ = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /runwith UIA \"%1\" %*"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-editor.ahk\" \"%1\""	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\FriendlyAppName = "AutoHotkey Launcher"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\PersistentHandler	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\DefaultIcon	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ShellNew\Command = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-newscript.ahk\" \"%1\""	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D8715CD4FDB0D495B166476FB89AB01CA2D846B1\Blob = 030000000100000014000000d8715cd4fdb0d495b166476fb89ab01ca2d846b10200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000e1010000308201dd30820146a00302010202101d5a223e72c5a4964f5c3992d04a0c80300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b65793020170d3234303832393135303233385a180f39393939303130313132303030305a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100c456b657aa261d1def668d4ed94499d6c08ecf50a2b7c8900382cf99667838ab1d009cdbc91bd15f2676593a3e6eb95c1c57302c571c63235660aef0aee2ac55e8844a2daa91bdb5bfacdebab3a7bf737c53db593faa08e035c8e8e34627cef1abc288abc4aaa96fc80c4fed9a8df01a6435b5c396f1afbf2a3602d4a280ea750203010001a32c302a30100603551d040101ff040630040302049030160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d01010505000381810093c8ce6aac930e956ce14a47b3fb2a5d25cad1987ba41e22262b7d16e1c698732bc3d6f1add2004d6322b229977926c8773e5ad0fa2b6c32e98d3daa8aa23c635ec5b7bd2ff353a5fe812feebd744dcb4733dbb8731a3fc163b8e1b36b09f53ee14146016c81b475012f1eee1fae41a121c1d7b26de6d496e88c5a6fa16e668f	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D8715CD4FDB0D495B166476FB89AB01CA2D846B1	AutoHotkey_2.0.18_setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4384	AutoHotkeyUX.exe
4384	AutoHotkeyUX.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4384	AutoHotkeyUX.exe
4384	AutoHotkeyUX.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
812	AutoHotkey_1.1.37.02_setup.exe
3376	setup.exe
3376	setup.exe
3376	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 1884	4176	chrome.exe	84
PID 4176 wrote to memory of 1884	4176	chrome.exe	84
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 712	4176	chrome.exe	85
PID 4176 wrote to memory of 2404	4176	chrome.exe	86
PID 4176 wrote to memory of 2404	4176	chrome.exe	86
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87
PID 4176 wrote to memory of 2448	4176	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.autohotkey.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe5c8bcc40,0x7ffe5c8bcc4c,0x7ffe5c8bcc58
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2444,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5172,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5176,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5308,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4716,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4400,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1032,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5480,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,10630678716775854323,14793835744701557240,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:2044

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3668

C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:812
- C:\Users\Admin\AppData\Local\Temp\7z82CD232C\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z82CD232C\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3376

C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4384
- C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe" /to "C:\Program Files\AutoHotkey"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Modifies system certificate store
  PID:4632
- - C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
    "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4384

C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
1⤵
- Executes dropped EXE
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey32.exe

Filesize
955KB

MD5
79df35982c6d7de66155a01505c00bf1

SHA1
e9e488f574ffb40dd62922328c4edec07b3d1a0c

SHA256
fe0b57163bcf3d4542d902570b48665523d9293090496f990bb76ed421173f3c

SHA512
643e8e0ef47afa87f81fb995a9e5c6d58a8a57c7a824fe91f3ddcb017a867578c0ac0ad9f05435418b9645805a07b97487f814e09e125d77ffb6bc7ed3b8f147

Download Submit
C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Program Files\AutoHotkey\UX\WindowSpy.ahk

Filesize
7KB

MD5
e2067d978526b83a1da967f16a69c125

SHA1
08000fb66e6f1b1fcd450f32e1757a39b3a7ba16

SHA256
040404a4def02f17cdafda938f5b63fc2181940ba1290da5742db0862c07166e

SHA512
a453669b15c18f24a989a57441f961861578c09c145a4364c982410e5e05ab09b05ad4a77929ccf4ab9e00e5e3d73029a13660156bf4eef9011accfd59800ea0

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk

Filesize
10KB

MD5
65d05ec61cca0547e218655e65e5ea7c

SHA1
1cf93558bb9f1ae5a055b3f9085bf4166b7f43dd

SHA256
a9a824a763195e5810bf904854af7ed41c025527b2b8faa7532c6f24189d69b9

SHA512
65172fa0f9148106e44fde99e0bcad173c4eef405a19b1f54961f2a248f6e6b0a05568d728e83d6582113d0d12a5e87ce763c53271c4d52b9362b19e22ea7d23

Download Submit
C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Program Files\AutoHotkey\UX\inc\README.txt

Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Program Files\AutoHotkey\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify.ahk

Filesize
1KB

MD5
3e5c97e6c3a76686329c81fba864b26b

SHA1
ec111d01a5299de2ca93c5441e92bb49d9d5e710

SHA256
f5b97911887c303b6859de44eff73780309e31e931dcba86a66aaafbe932af72

SHA512
c70ba459abb2c35edfd62dfbe6efb9c54d5341802a72ac7d6b3b63877f28a97a974b96b6de747e29909550d6ba2c5d14da40bef6d91841c5c8c5a903697307c7

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
f27f09d324016bd49d2da38901e79a61

SHA1
f2af4ea1ca36dc4ed53ba3a5817b83d457c9029c

SHA256
c2563ab626df892398083404acecc5229300ba7dc6077b120844c65facfad854

SHA512
1dd5a6ddf87a3026f5b2d468197173af0c4e6c2eeab64113bcd2bbd56be46089e546f694fea2416aadc9c2669070b29ef26ec689dfbe73def8af6fd0de310d04

Download Submit
C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
65029d2c4fd46ea517b13d615a0584f5

SHA1
fb924c85e3e032b997aa86f85964516849baeb27

SHA256
220629b006d13b24afb3367abeea424c5b4103ac0c5a137fdc9d98047cdd908f

SHA512
c1346142f1b6dd5bd9a0d8cc9aac843e117f646f09a7ac40488ab513781d0162504249d7305e63080363bd273ffbb9d5f29c6dd860b9a80928aba944cfd51a0c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Program Files\AutoHotkey\UX\install-version.ahk

Filesize
4KB

MD5
30b87fbfadc592c38be9d82edf597fa3

SHA1
1ff5d720858a38bdd2e21a5a492938c07b2811a5

SHA256
1e59921bcddb3c41651eb01605cdefcdee3c6adec5db6b7cafb7ab801ead5e1e

SHA512
79a407cad251f45d13c0505cdf7e27a281455e3eefe1f7fc5aedd658297351ac7dbbce21065a29ed9d86c6b908a175cd83201e0d60e972865e6258c2f8c145a7

Download Submit
C:\Program Files\AutoHotkey\UX\install.ahk

Filesize
40KB

MD5
a3caa9963c9133c2a14a4e36d62761e3

SHA1
7034faaf46b2fe7c36370eaf4677357bb0950a57

SHA256
f628edfece15db0061fdfe96724266a3cfaaec396524a94b574e22e6e3970c40

SHA512
90212e732a55b7d478ff4e5b629ac950656290cb81500ba47d8282091963899b15117d0ce4db36f9bfe4ab93235374f797aa09d4f20f70f156458e9911867301

Download Submit
C:\Program Files\AutoHotkey\UX\launcher.ahk

Filesize
17KB

MD5
596b69069bbbcc9a22ac26bba6efe546

SHA1
694cec54200ff1ec70dc56320c577b652884b53d

SHA256
830db4be4c8320f23ff32316dac933d4e72d9056ea5a819cc12c38614da6e06f

SHA512
1c18acf4403915c6a2562f5e26c0ed7c4fc00e9d67d19622d1db8bb9338ff6d6e8bf9abe7317f1b529ef1c24901b45c3b13dc3b734d97582c91b206bee9aa8f8

Download Submit
C:\Program Files\AutoHotkey\UX\reload-v1.ahk

Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Program Files\AutoHotkey\UX\reset-assoc.ahk

Filesize
2KB

MD5
0299132478b49e3eb706c214bf32e62f

SHA1
9705c410b9f515269c512c64129ced8e0b1b23d2

SHA256
d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

SHA512
2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

Download Submit
C:\Program Files\AutoHotkey\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Program Files\AutoHotkey\UX\ui-editor.ahk

Filesize
8KB

MD5
82eb574294ff4e2e7461b95f5bad0a87

SHA1
a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

SHA256
7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

SHA512
1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

Download Submit
C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk

Filesize
8KB

MD5
57dcc5f7853cfd0bdd49f35d1f86897b

SHA1
e7cc5a9f5f689054469c670cd4efee2889d26968

SHA256
179c96d787fae5dd26cdf832e5226142ab3e4f1ff53e3b1f24cecddcf3e79947

SHA512
742fcfffa94752fcdb37b28749c9fc7e43f1e467470fb3fe59aaab2a29fbecbe29ab113481fc5d009ada059975bba00d294442ec13437cef588179b7e88fb116

Download Submit
C:\Program Files\AutoHotkey\UX\ui-newscript.ahk

Filesize
10KB

MD5
1b88198b4bd36eb25e23dc412321a555

SHA1
d3b5670d1bc7343ae40ad087bc22309dc17e118a

SHA256
31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

SHA512
409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

Download Submit
C:\Program Files\AutoHotkey\UX\ui-setup.ahk

Filesize
7KB

MD5
dd3f9c2f9115689f4350896752f15926

SHA1
fa19f1632b865b2bc098611a8be66e9f10dc692b

SHA256
68b114a2ea4af9df54709a78ec5991a1f271097b29cb93757403fdb158746bc7

SHA512
12f34d5ec7a7d5452eef97e4c87093240050756c564140874d316d0b9d194c961debe139badc943b024b680b68961ef6cbe71fc1a567c6622797f90ed51fa549

Download Submit
C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk

Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Program Files\AutoHotkey\WindowSpy.ahk

Filesize
159B

MD5
e5918a52b52ca3ce2e99788a26477984

SHA1
87c2b54b65663e1e29e866224faeed7e8bac759b

SHA256
c1908cfc4b224b3bc8d1a5c67cfe4acdb4e738d8acf98560905afc412981c18b

SHA512
4f320cbea5adfed4b07012e04281e8713689271932b26d3886e3519389b15e2adadb87217c5bf09b080d3db976c77accf555493b7eab5ceb45bc59131772f8e6

Download Submit
C:\Program Files\AutoHotkey\license.txt

Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey.chm

Filesize
1.9MB

MD5
5836544d903111b9f15f3007ecf24e75

SHA1
562e99a9591b6adda5dc892b35923f6d99582fa3

SHA256
e18dbc5445fcd079fdbb189ba53c48ccff8fb8723fca39c353e9c99fdee38b85

SHA512
837aaf2d66c8a0964a6b979cbf0d90f64dd20996e59c771d7ea47b9bb949bc017b14585b07b137c0b60842f846004b53f5a5b1fcdf9c78dd8e38e8b60eed9283

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
d0cc6a21113957474e095fca77d75abd

SHA1
ea84155577bc74bf65d902425c15543509c80f4b

SHA256
70031669fef8c365a243322c52df9c3f854271489e67c5a9fc3139f56bc357e9

SHA512
2ad8fdbbf79934560b42ac6064d86276a7e24f6d8610d163b4d551e736b72b8dd6070e0e0b21599f781ef638be9c3d6aff8e8e3e9b7a2c00be948477b6558934

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

Filesize
1KB

MD5
6a21c002839b1603aca5df946bb2a8d6

SHA1
2fee293c26e2b52f295bae2e42b2bbb9c688e66a

SHA256
8fa01875188c5559c4cef1a146bcfceb8d87e2386ea2ad3601161cee7cb935c7

SHA512
2c787b32773bb3b454835827c76ab98230755eb071e6760189bc515772fa01226e08f915103f182e7aeb185a6246e53df690366b4c49010634d017f0fee53814

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

Filesize
2KB

MD5
eea30954ca7ce31849d48bb9decb6e99

SHA1
6cc2cc0f1004f56082fe7e7dc799498f4839ea74

SHA256
40f86d8831263f9b9138b077147f0089d94203a255e40e41e21b30be1995f9c1

SHA512
b99b49b42e1e90873e14d1899fdaac628df662fe5b1e456c5383dc2f43e5ac9a1df876135cbf95eaf8a70c3d95f059243f8c7099a761b4daf54779cb368393a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
88b451e7a424b215212a69e010bf5fba

SHA1
32e58071fa411887a8f95699455c93705efaeec0

SHA256
da905d6814a63d6a4e7095be6ed615198ca04255be6579e8107a0a71d5d055fb

SHA512
a4d9b9fb4cef5459b5ec45c0bed1f131114618a1d20c5fb7af2b4467625b0f389959ae175827caf7714526bbfa045e28580e013333c7621270a849fc459264c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
871abe174a6e9c254c0a0269d3423de4

SHA1
b1def14c04c7f04167de69e33fe0d4f30171bebe

SHA256
b8b3942b79ed8b5446f296cb6d4ba1701e5040562629aa79e88515ded6e6d048

SHA512
06ee7e417b5dab3318b184c5c7adc58873bfe160cfd338ab7d9c747684acb939658aa62b0b0ca517b33c4d94e3ceb4da3d282999bf1d6216e0e39794e5321c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d07d9a44e33091285c25f7d6309b2e8e

SHA1
82c468aa2104dcd89857052738a023b6a1208e0b

SHA256
6d42c06a72e11f778eb3f5c01b65420e82d33d799e60dff23102a2d831b4a447

SHA512
96002dcbce56525e24f5c0f465897c8c2644a57ecbabee8c01d063b03e09306c4ced613832362491a449788e62f349668c7ff02867477e65a70f84eca10a6b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7f1d4d402425567f45cef89bcacc7027

SHA1
3ab944eba18b17d110a679b3611c31827e1410d7

SHA256
57836aad52d63f6d7e7552492b035838b0521a882ab0cd82c64ef9946c66a271

SHA512
3091e963b39c69609973d989dd092120619fd700b0518364ecbf7bda7ee575ffd325c0fb0e65dc2a0206ca008818414d690b9240766c0a19f0bb21395c360bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
fa316ee86572c618773f5e945e863c60

SHA1
5763ee846383f39bccf9a052016854999e0a443b

SHA256
b57dbc5bdb17e9abb59e1044d2806de333941d722b494426a39b29228d264d1e

SHA512
02b1059b8d05562ad401788e6c2d6f4bbacb3dab9d3345bd07b1f73504a9e78105b984ab869eb172bc8d878d6c58b6a73060b16283e55acc69131fe800c30754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01f65feab32ee194a2aec6aaf5515cd6

SHA1
1cc5d4bf57ad1ba66cfd39d7c14ab0d2a5ecfdfe

SHA256
20bafbcafcb9cf714eac4f50693316a83048e07dfdd49128a5aca6710b7e3ec7

SHA512
b70f4f593a4274b4a8aad6355aeba4f6b1003e331c230a75d18e917c7fdbc59276efcfe5dda663afed4796af9390fd952837b45ff7cb187c1b56cc503c4e6059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2364ca93e8eaa4a955f6c475b155ed5d

SHA1
8ec0f2e285275b4449a09275afd378d4a85dc4e8

SHA256
f419000b787cdcb56f3a1aabdf883ed863a7e23ceceadc19e51fbe904dee22c6

SHA512
868604444b471a3a89f2d5d43839a6a6e60a79e6949762862a330fc669f4cb5ef7dfabae7702e83ead48370970a573134d7a8f02a4b6809a1f43360ce0929fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e90e32492c4d568d2d332e1a5356efd

SHA1
f2888c349ab6503a39b09d7f46577307a1053691

SHA256
95846d903deb9057eeb0c9fd43e58df04c2c9aa63a167af6971de577f0bfbaad

SHA512
83b4ba893e5f068118236872cae00a1ef10c959182f4ccbd29a6d6236a98d946dfccb4f2d5dc4fb63f166f3c0f7b23e949ece811081c7f437cfa38a2be529485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c78f5e163f886b4b00033114d72595fe

SHA1
e3a361d86efa9b2018d1643e216a7dae82db241e

SHA256
a2daceaab301d009c128351553aad201880961288868ce7311a609875fbf76af

SHA512
ef7842994561b2ddf4f1d0a1e2bb6d815020ff8f1cb8d5b046d0543a400eb7d606bad75182441fb1fe78b0a060668e874c2f49c467c72db4665734e6565bbc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0be74d13a63b24a2be314eaf0fb7b3a0

SHA1
65618f9e8c7182ddbce90b9b4cfa37115827b218

SHA256
ff6c1abb3bc26e86f42ca7f15f7f48dd6a1f15f938f1a12cdb1fb28018163b06

SHA512
470697f3fd0404615b38af757e9736d95366ddff357e3b2220f68e097780a1b503f3a49cc8aa797c686742acc2f79986b549c4d35750a413f397f90a4471338d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c9b9b0d726629a48de1e142f2edcc4f

SHA1
91c2ee5fa7f9eb994d1217fa4d3542ba4a211da5

SHA256
6c41380ebe5fa8a9fcb26c4db20a4571efa5a1ef4c786265de946173850c1cba

SHA512
187e5c05f9a2503dc1a022a767717a4983a491c7d2ee95a63cac8f570e8f97eaf57b403ff5200e3bab25b806647b2ed96ba51f092bbc049935c58707a5ebdaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
605f404e19d55275d94d239a77373b7e

SHA1
7e7ed964643009c5f63b5ca5bc7e4c0431641870

SHA256
6a875261451528d53581e065503371e40fb37a477fc74d059f995d2d62682e6a

SHA512
3a7f7db826ca28b6569198e7bf83264826cb9148cc6aac466bf421af3db3eb7a2de06f1b415e2b52866ea8091ddb8262f70b2f9440092885452a5d1c25a48aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4fba0f405d47d8b45e43e7953f0c881

SHA1
d92a8fc75154fc007d05f55009905903a983d220

SHA256
1baad1625c9d326030a80d909a47b4897f69b49302ef3284173d9b9353de609b

SHA512
0373a552792aa04d05d866387cbd2abb2e95624cbd724559ddf9db5463b821874eb1557ca2f62625d97e27a03b996bcd564cbbccfcb8cde4437c9edf6a9f6da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65332447bee05e6feb4012fb553256b6

SHA1
b1ddb32eb5d2a316c82258b3e8f23dac58800dfb

SHA256
a2adff5cef4f0370802359e7128d7dbb8f0884e6c26e04a46d6713891d302ea4

SHA512
7b1f53cc9423901c380605dc36959edd6d24b4f99c0eb6d1365d1fcfb98f7d175464dd6e15e1ce64603e0e3fa97ae46be5676fd884cd7950afd63705189210de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a744d7fcdbcef2093953ef97d16e169d

SHA1
e47764963fedbd8fc66313eabe18e76d753a2a89

SHA256
7ae0524cf5d30df7029f92b6ba811ece5580ad333ad9a38912344a11a00c1aee

SHA512
9dfeee7e6a43109d00127b01c64902eb786ab4513efd5a1dbc59abbbe6cb7cd032ec3e5453c81bc5f0d9d1394ac94ca8a6de1b8f1f6d20760bbda210872d5e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0237b359b0772e05309a865bc467796e

SHA1
301ba924bc3a15f548754df9ca72b968c00259e6

SHA256
873a7bb8cda1150f11a011df66e54ee603b5a520f25e19f63478bced29ad68a8

SHA512
8797ebb14f9d0a76abd60a696c9c47516a5c0b9889d4e24e2b986f2cc2757dba4c9ff5078de01fcc72a3917dd53b6372acab0ba303d0c5535b98c004d7d0056a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0d4d6e432199e8096569796b98cfd80

SHA1
13f1d25381e94b9ab6ec80d49a42de25023921fd

SHA256
875f3e1224ff692f043feffb635756dd609ef3f7e4125a7d1031494105197321

SHA512
a91d02ad6f3aaeed39c3f94c549bc9e293752eaae76a277b2845194338dd44374a01e2a0c0833f36831fc97345265c9db16f06dcad6a92c4a0e53837664384ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b267ce14d1238fcce68f4b58a4df9712

SHA1
ce2118840ca19084cfa19a705f661ee51b5ba132

SHA256
9cfbfef0dd080d2506a0778c9e6520bd07e726f621e7d6f5ec5e68e8b924e2c2

SHA512
a466976719a5766048c5ad9ebf615743b97747b30515e6c196bacfb0412a15587eef3f110eb9abf747fb211a6337ef5d8cc33e6ee672933138802cc216f2d2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1f58901f433cd5d341d949d46f6ebbcd

SHA1
17033430b1361dcb25fde344c970907586ec545f

SHA256
235f4ce1571d9750b4af331f6cb57867abd852a548771ae6c349cc08e9185d2f

SHA512
f1d908061f2c9f5b4122600f567cbc2a3a73608c9289ff92989f7c61f483c2e9fc11b33f2b230e311978e8ba2e4163da94fd0b24b362726b4a71527fd87a4b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8da992e7cf4190acdf2e81ebe2dc94f4

SHA1
e31c0109a6dbc166790234502b25ed92589d51c4

SHA256
81059ad0b8269b02edfde1ab4ebfe60371b7d7385323b17e414910b83a6ed58f

SHA512
563ab99564ffb7f7149d73a43f0085c7cc5d0090b322b6709907c10af10ca39178f1f5bbb91a2720b564fbbf958cfbd93b66021e7fbf89d0fb18d4cf8db56229

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z82CD232C\setup.exe

Filesize
872KB

MD5
b98ee9e00b5546763f9c6e65e436f6e6

SHA1
a28e2b0ba6cc748d166b2eb6d0c8acb0bd3b9f3b

SHA256
6d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756

SHA512
556e632fe39231622398c5afccc51d01f25bc430705a126737877ed9f354c7076b5bf3cbac27f8a1c4db4d326b6a8848fae4b8d6046f816597c370d06e824591

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 161501.crdownload

Filesize
2.9MB

MD5
71e486a03ab282b75886e3712ebb1efa

SHA1
33501837a85ea22f98723746aecf5199865353f9

SHA256
a30af310f45d4076cf1580bb08015db9a1337ddc1a99cf61829e645b196e8b2e

SHA512
855e76b756a5b3d2a465a900fe146eaa7113fe45a7b8c88e057b8d4f975b2b08b8b6b11ea1a697fc7df2fea3f6f0772e6c356e109240bb4e655efae7dc407f55

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 487792.crdownload

Filesize
3.3MB

MD5
c2e8062052bb2b25d4951b78ba9a5e73

SHA1
947dbf6343d632fc622cc2920d0ad303c32fcc80

SHA256
49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc

SHA512
c9a5ea57842f69223bd32a9b9e4aaad44d422f56e362469299f56d8b34b5e8bbf2b51d4e64d2bebe6c95d6d8545a8a88e6107b9b0a813e469f613e1353aad7a4

Download Submit
memory/4384-433-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/4384-430-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/4632-627-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/4632-833-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download