hxxps://drive[.]google[.]com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view?pli=1

Analysis

max time kernel
160s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view?pli=1

Score

8^/10

discovery evasion trojan upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 29 IoCs

pid	Process
5204	AutoHotkey_2.0.18_setup.exe
3612	AutoHotkey_2.0.18_setup.exe
5312	AutoHotkey_2.0.18_setup.exe
6108	AutoHotkeyUX.exe
5048	AutoHotkeyUX.exe
5940	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
4852	Ahk2Exe.exe
5984	AutoHotkeyUX.exe
5524	AutoHotkey_1.1.37.02_setup.exe
4048	setup.exe
6056	AutoHotkey_1.1.37.02_setup.exe
1028	setup.exe
5304	AutoHotkey_1.1.37.02_setup.exe
3800	setup.exe
6064	AutoHotkey_1.1.37.02_setup.exe
4196	setup.exe
4644	AutoHotkey_1.1.37.02_setup.exe
5616	setup.exe
5852	AutoHotkey_1.1.37.02_setup.exe
2584	setup.exe
1476	AutoHotkey_1.1.37.02_setup.exe
5684	setup.exe
2016	AutoHotkey_1.1.37.02_setup.exe
1296	setup.exe
5124	AutoHotkey_1.1.37.02_setup.exe
3456	setup.exe
5576	AutoHotkey_1.1.37.02_setup.exe
1932	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 10 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	101	https://www.autohotkey.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f5160c09db4ef1f	3

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000023d28-279.dat	upx
behavioral1/memory/5204-318-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/5204-330-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/3612-542-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/3612-721-0x0000000000400000-0x000000000094C000-memory.dmp	upx
behavioral1/memory/5312-731-0x0000000000400000-0x000000000094C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-editor.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reload-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-version.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCX94AB.tmp	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\installed-files.csv	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey.chm	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\README.txt	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\ShellRun.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\launcher-common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\ui-base.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-editor.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-dash.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\Install.cmd	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\launcher.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\spy.ico	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-dash.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe	AutoHotkeyUX.exe
File created	C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install-ahk2exe.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\README.txt	AutoHotkey_2.0.18_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\UX\.staging\Compiler\Ahk2Exe.exe	AutoHotkeyUX.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\ui-uninstall.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\launcher.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\inc\config.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\.staging\Ahk2Exe.zip	AutoHotkeyUX.exe
File opened for modification	C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe	AutoHotkeyUX.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\license.txt	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	AutoHotkey_2.0.18_setup.exe
File created	C:\Program Files\AutoHotkey\license.txt	AutoHotkey_2.0.18_setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_2.0.18_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_2.0.18_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_2.0.18_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoHotkey_1.1.37.02_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ahk2Exe.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 48003100000000009459458c100055580000360009000400efbe94593d8c9459458c2e000000b73d020000000700000000000000000000000000000052b6100155005800000012000000	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AutoHotkeyUX.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Compile\Command\ = "\"C:\\Program Files\\AutoHotkey\\Compiler\\Ahk2Exe.exe\" /in \"%l\" %*"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\DefaultIcon	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkey_2.0.18_setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	AutoHotkeyUX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Compile-Gui	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open\Command	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	AutoHotkeyUX.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Compile-Gui\ = "Compile script (GUI)..."	AutoHotkeyUX.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5e003100000000009459458c10004155544f484f7e310000460009000400efbe94593d8c9459458c2e000000823d020000000800000000000000000000000000000098bc14014100750074006f0048006f0074006b0065007900000018000000	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ShellNew\Command = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-newscript.ahk\" \"%1\""	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AutoHotkeyUX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	AutoHotkeyUX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	AutoHotkeyUX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoHotkeyUX.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Compile-Gui\Command\ = "\"C:\\Program Files\\AutoHotkey\\Compiler\\Ahk2Exe.exe\" /gui /in \"%l\" %*"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	AutoHotkeyUX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Compile-Gui\Command	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.18_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-editor.ahk\" \"%1\""	AutoHotkey_2.0.18_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AutoHotkeyUX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	AutoHotkeyUX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	AutoHotkeyUX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkeyUX.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\36D0F187CBF39A58C807B3DAF5CDB68A7D2300F5	AutoHotkey_2.0.18_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\36D0F187CBF39A58C807B3DAF5CDB68A7D2300F5\Blob = 03000000010000001400000036d0f187cbf39a58c807b3daf5cdb68a7d2300f50200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000e1010000308201dd30820146a003020102021078f7807c659e9aae4c439f04ac445b29300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b65793020170d3234313232303137333335365a180f39393939303130313132303030305a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100bf7df772c10266a86bfc339ea5f02efb3f40dd473a69cb389e9fe88ec5c5ef83ae667263e2b685112615d0bc79f55c44692439833aca3c393ebb7e491edbcd81346a24f323c96c484c2a30be8fc1aeb18adfd5fcc36d3ca3d07f9bd2125838b3e193034cd322048ca3c29cc4ab8b04767b3f0d1b44eb6a168f2d7e01019cf6c50203010001a32c302a30100603551d040101ff040630040302049030160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d01010505000381810032a166998d5c51ec5ebaa0d70ed1e3fdb441708cb58a57cb7612cb8f04a415f4a20331c17ef34b84beae8414565ceef01324a5ed3694d0b81b1cf9f8909855799d21449d876463c3caaf448880f32a867cfe9ccd1dcfec4139439cb88d6cd24146252820498b79e67cee4fa5b22798e1243552059947c7be50e80efb612d39c9	AutoHotkey_2.0.18_setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 420507.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 212694.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
4840	msedge.exe
4840	msedge.exe
2708	msedge.exe
2708	msedge.exe
3440	identity_helper.exe
3440	identity_helper.exe
244	msedge.exe
244	msedge.exe
4588	msedge.exe
4588	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5048	AutoHotkeyUX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	3612	AutoHotkey_2.0.18_setup.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
6108	AutoHotkeyUX.exe
6108	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
6108	AutoHotkeyUX.exe
6108	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
5728	AutoHotkeyUX.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SetWindowsHookEx 46 IoCs

pid	Process
2972	OpenWith.exe
2972	OpenWith.exe
2972	OpenWith.exe
5048	AutoHotkeyUX.exe
5048	AutoHotkeyUX.exe
5048	AutoHotkeyUX.exe
5524	AutoHotkey_1.1.37.02_setup.exe
4048	setup.exe
4048	setup.exe
4048	setup.exe
6056	AutoHotkey_1.1.37.02_setup.exe
1028	setup.exe
1028	setup.exe
1028	setup.exe
5304	AutoHotkey_1.1.37.02_setup.exe
3800	setup.exe
3800	setup.exe
3800	setup.exe
6064	AutoHotkey_1.1.37.02_setup.exe
4196	setup.exe
4196	setup.exe
4196	setup.exe
4644	AutoHotkey_1.1.37.02_setup.exe
5616	setup.exe
5616	setup.exe
5616	setup.exe
5852	AutoHotkey_1.1.37.02_setup.exe
2584	setup.exe
2584	setup.exe
2584	setup.exe
1476	AutoHotkey_1.1.37.02_setup.exe
5684	setup.exe
5684	setup.exe
5684	setup.exe
2016	AutoHotkey_1.1.37.02_setup.exe
1296	setup.exe
1296	setup.exe
1296	setup.exe
5124	AutoHotkey_1.1.37.02_setup.exe
3456	setup.exe
3456	setup.exe
3456	setup.exe
5576	AutoHotkey_1.1.37.02_setup.exe
1932	setup.exe
1932	setup.exe
1932	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1144	4840	msedge.exe	84
PID 4840 wrote to memory of 1144	4840	msedge.exe	84
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 3488	4840	msedge.exe	85
PID 4840 wrote to memory of 4312	4840	msedge.exe	86
PID 4840 wrote to memory of 4312	4840	msedge.exe	86
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87
PID 4840 wrote to memory of 3608	4840	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view?pli=1
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8568146f8,0x7ff856814708,0x7ff856814718
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5204
- - C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe
    "C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe" /to "C:\Program Files\AutoHotkey"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    PID:3612
  - - C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
      "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:548
- C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_2.0.18_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5312
- C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\launcher.ahk" "C:\Users\Admin\Downloads\Fisch Macro V11.ahk"
  2⤵
  - Executes dropped EXE
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5524
- - C:\Users\Admin\AppData\Local\Temp\7z92C69594\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z92C69594\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4048
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6056
- - C:\Users\Admin\AppData\Local\Temp\7z9D9567A8\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z9D9567A8\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1028
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5304
- - C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1278709792010763269,18361239537143033074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6064
- - C:\Users\Admin\AppData\Local\Temp\7z9C3907B0\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z9C3907B0\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4196
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4644
- - C:\Users\Admin\AppData\Local\Temp\7z99115224\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z99115224\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5616
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5852
- - C:\Users\Admin\AppData\Local\Temp\7z9F8C86DC\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z9F8C86DC\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2584
- C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
  "C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\7z995D05C4\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7z995D05C4\setup.exe
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5048
- C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\ui-editor.ahk" "C:\Users\Admin\Downloads\Fisch Macro V11-1.ahk"
  2⤵
  - Executes dropped EXE
  PID:5940
- C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
  "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" /script "C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5728

C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe
"C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4852
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c echo 1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2016
- C:\Users\Admin\AppData\Local\Temp\7z995AE7E0\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z995AE7E0\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1296

C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5124
- C:\Users\Admin\AppData\Local\Temp\7zA2392404\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zA2392404\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3456

C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe
"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5576
- C:\Users\Admin\AppData\Local\Temp\7zA75795C8\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zA75795C8\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey32.exe

Filesize
955KB

MD5
79df35982c6d7de66155a01505c00bf1

SHA1
e9e488f574ffb40dd62922328c4edec07b3d1a0c

SHA256
fe0b57163bcf3d4542d902570b48665523d9293090496f990bb76ed421173f3c

SHA512
643e8e0ef47afa87f81fb995a9e5c6d58a8a57c7a824fe91f3ddcb017a867578c0ac0ad9f05435418b9645805a07b97487f814e09e125d77ffb6bc7ed3b8f147

Download Submit
C:\Program Files\AutoHotkey\UX\.staging\Ahk2Exe.zip

Filesize
466KB

MD5
eacbf2fe9d2bf5f52b58994f13e196fb

SHA1
aea6972d9496b71e061d8a1a21985944178be7dc

SHA256
287079ba96dcfa79fa6c568481f4a26bd3ac26671f8a21c4c03ed331657d53c0

SHA512
a02b626408fdef85afdcf318a83e12a09dd9451bd4839dde823bf6a9e5ab6749b6fa20a701d09f079d340f776cd9f38d17d713f219843610cd6365e9c1f17c44

Download Submit
C:\Program Files\AutoHotkey\UX\.staging\Compiler\Ahk2Exe.exe

Filesize
972KB

MD5
6f79d9f28122fd6c7657aff6d324a8f0

SHA1
a75ae376ca116e35058fb438c9c8ee128cebf240

SHA256
05bba28c3820cd8ee65b22f6ebdac11708f2e79d17f2e8632b6fb229dde5e23a

SHA512
708039887c7244a18cfc1754e7f7aece574f60e9cba71d33f93a35f2d721527e972cc982a1522d53037b547aa006eb8803c30bbc23763b61a0da5fbb28aa3b81

Download Submit
C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk

Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Program Files\AutoHotkey\UX\WindowSpy.ahk

Filesize
7KB

MD5
e2067d978526b83a1da967f16a69c125

SHA1
08000fb66e6f1b1fcd450f32e1757a39b3a7ba16

SHA256
040404a4def02f17cdafda938f5b63fc2181940ba1290da5742db0862c07166e

SHA512
a453669b15c18f24a989a57441f961861578c09c145a4364c982410e5e05ab09b05ad4a77929ccf4ab9e00e5e3d73029a13660156bf4eef9011accfd59800ea0

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk

Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk

Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk

Filesize
10KB

MD5
65d05ec61cca0547e218655e65e5ea7c

SHA1
1cf93558bb9f1ae5a055b3f9085bf4166b7f43dd

SHA256
a9a824a763195e5810bf904854af7ed41c025527b2b8faa7532c6f24189d69b9

SHA512
65172fa0f9148106e44fde99e0bcad173c4eef405a19b1f54961f2a248f6e6b0a05568d728e83d6582113d0d12a5e87ce763c53271c4d52b9362b19e22ea7d23

Download Submit
C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk

Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Program Files\AutoHotkey\UX\inc\README.txt

Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk

Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk

Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Program Files\AutoHotkey\UX\inc\common.ahk

Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\config.ahk

Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify.ahk

Filesize
1KB

MD5
3e5c97e6c3a76686329c81fba864b26b

SHA1
ec111d01a5299de2ca93c5441e92bb49d9d5e710

SHA256
f5b97911887c303b6859de44eff73780309e31e931dcba86a66aaafbe932af72

SHA512
c70ba459abb2c35edfd62dfbe6efb9c54d5341802a72ac7d6b3b63877f28a97a974b96b6de747e29909550d6ba2c5d14da40bef6d91841c5c8c5a903697307c7

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk

Filesize
3KB

MD5
f27f09d324016bd49d2da38901e79a61

SHA1
f2af4ea1ca36dc4ed53ba3a5817b83d457c9029c

SHA256
c2563ab626df892398083404acecc5229300ba7dc6077b120844c65facfad854

SHA512
1dd5a6ddf87a3026f5b2d468197173af0c4e6c2eeab64113bcd2bbd56be46089e546f694fea2416aadc9c2669070b29ef26ec689dfbe73def8af6fd0de310d04

Download Submit
C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk

Filesize
2KB

MD5
65029d2c4fd46ea517b13d615a0584f5

SHA1
fb924c85e3e032b997aa86f85964516849baeb27

SHA256
220629b006d13b24afb3367abeea424c5b4103ac0c5a137fdc9d98047cdd908f

SHA512
c1346142f1b6dd5bd9a0d8cc9aac843e117f646f09a7ac40488ab513781d0162504249d7305e63080363bd273ffbb9d5f29c6dd860b9a80928aba944cfd51a0c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\spy.ico

Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk

Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk

Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Program Files\AutoHotkey\UX\install-version.ahk

Filesize
4KB

MD5
30b87fbfadc592c38be9d82edf597fa3

SHA1
1ff5d720858a38bdd2e21a5a492938c07b2811a5

SHA256
1e59921bcddb3c41651eb01605cdefcdee3c6adec5db6b7cafb7ab801ead5e1e

SHA512
79a407cad251f45d13c0505cdf7e27a281455e3eefe1f7fc5aedd658297351ac7dbbce21065a29ed9d86c6b908a175cd83201e0d60e972865e6258c2f8c145a7

Download Submit
C:\Program Files\AutoHotkey\UX\install.ahk

Filesize
40KB

MD5
a3caa9963c9133c2a14a4e36d62761e3

SHA1
7034faaf46b2fe7c36370eaf4677357bb0950a57

SHA256
f628edfece15db0061fdfe96724266a3cfaaec396524a94b574e22e6e3970c40

SHA512
90212e732a55b7d478ff4e5b629ac950656290cb81500ba47d8282091963899b15117d0ce4db36f9bfe4ab93235374f797aa09d4f20f70f156458e9911867301

Download Submit
C:\Program Files\AutoHotkey\UX\installed-files.csv

Filesize
2KB

MD5
9b05d46a980f3b59827214de18d05a58

SHA1
d1850685b64b8ce843215af3f78ec5fe39233f74

SHA256
0ed151a798b953bed3e23dd1c04df49f8fbc5c27913dac2ee707c0931706a87e

SHA512
20b4bd00f726d8cd50ced2c9893fad04e173929207f80a12d79a5c424c9b2be000f6f50700c2be317e4733ca1b5a241b0c938e6ff47cb2bda4c57aeba8c6c062

Download Submit
C:\Program Files\AutoHotkey\UX\launcher.ahk

Filesize
17KB

MD5
596b69069bbbcc9a22ac26bba6efe546

SHA1
694cec54200ff1ec70dc56320c577b652884b53d

SHA256
830db4be4c8320f23ff32316dac933d4e72d9056ea5a819cc12c38614da6e06f

SHA512
1c18acf4403915c6a2562f5e26c0ed7c4fc00e9d67d19622d1db8bb9338ff6d6e8bf9abe7317f1b529ef1c24901b45c3b13dc3b734d97582c91b206bee9aa8f8

Download Submit
C:\Program Files\AutoHotkey\UX\reload-v1.ahk

Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Program Files\AutoHotkey\UX\reset-assoc.ahk

Filesize
2KB

MD5
0299132478b49e3eb706c214bf32e62f

SHA1
9705c410b9f515269c512c64129ced8e0b1b23d2

SHA256
d26caef44190e0b612c3e4309ff6689dc2953c72cb3de1c94d002250b089f16b

SHA512
2a9ce8ee71ab207dbf4c4fcc2634d49233304da858c7880813a2127c2a063dc58703d4b2129498db630d081e1d72f899d348c01dbbcc359d92ab720b89ccdc44

Download Submit
C:\Program Files\AutoHotkey\UX\ui-dash.ahk

Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Program Files\AutoHotkey\UX\ui-editor.ahk

Filesize
8KB

MD5
82eb574294ff4e2e7461b95f5bad0a87

SHA1
a981373ef3bd61ce5a2f0ad9bedaa1cf4acfd591

SHA256
7263286eb3a42eccf5edc39b43c74a8bf7c82f2671204d1ae654236c1de3f05d

SHA512
1c54e110b384d55ca0243ad343e69d1f0fa9b2a863af8da75a5c992d19f9e055182bba09be227882f82d0ebf4ec94094723e2db06cdf7ee2ed574348a8d72c74

Download Submit
C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk

Filesize
8KB

MD5
57dcc5f7853cfd0bdd49f35d1f86897b

SHA1
e7cc5a9f5f689054469c670cd4efee2889d26968

SHA256
179c96d787fae5dd26cdf832e5226142ab3e4f1ff53e3b1f24cecddcf3e79947

SHA512
742fcfffa94752fcdb37b28749c9fc7e43f1e467470fb3fe59aaab2a29fbecbe29ab113481fc5d009ada059975bba00d294442ec13437cef588179b7e88fb116

Download Submit
C:\Program Files\AutoHotkey\UX\ui-newscript.ahk

Filesize
10KB

MD5
1b88198b4bd36eb25e23dc412321a555

SHA1
d3b5670d1bc7343ae40ad087bc22309dc17e118a

SHA256
31249ef15cce83d150a9a5de11168a5052ff2c55dbd574b8df1c054510b61843

SHA512
409fb90d7ea768c9d9a2574c09b8a69c93e8afd76234c24e3e0f71aa3f564a4f1aa46ff18ea328b1afccab54604bb239d37249d5811e3a84f0ab692b032a732b

Download Submit
C:\Program Files\AutoHotkey\UX\ui-setup.ahk

Filesize
7KB

MD5
dd3f9c2f9115689f4350896752f15926

SHA1
fa19f1632b865b2bc098611a8be66e9f10dc692b

SHA256
68b114a2ea4af9df54709a78ec5991a1f271097b29cb93757403fdb158746bc7

SHA512
12f34d5ec7a7d5452eef97e4c87093240050756c564140874d316d0b9d194c961debe139badc943b024b680b68961ef6cbe71fc1a567c6622797f90ed51fa549

Download Submit
C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk

Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Program Files\AutoHotkey\WindowSpy.ahk

Filesize
159B

MD5
e5918a52b52ca3ce2e99788a26477984

SHA1
87c2b54b65663e1e29e866224faeed7e8bac759b

SHA256
c1908cfc4b224b3bc8d1a5c67cfe4acdb4e738d8acf98560905afc412981c18b

SHA512
4f320cbea5adfed4b07012e04281e8713689271932b26d3886e3519389b15e2adadb87217c5bf09b080d3db976c77accf555493b7eab5ceb45bc59131772f8e6

Download Submit
C:\Program Files\AutoHotkey\license.txt

Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey.chm

Filesize
1.9MB

MD5
5836544d903111b9f15f3007ecf24e75

SHA1
562e99a9591b6adda5dc892b35923f6d99582fa3

SHA256
e18dbc5445fcd079fdbb189ba53c48ccff8fb8723fca39c353e9c99fdee38b85

SHA512
837aaf2d66c8a0964a6b979cbf0d90f64dd20996e59c771d7ea47b9bb949bc017b14585b07b137c0b60842f846004b53f5a5b1fcdf9c78dd8e38e8b60eed9283

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe

Filesize
1.2MB

MD5
d0cc6a21113957474e095fca77d75abd

SHA1
ea84155577bc74bf65d902425c15543509c80f4b

SHA256
70031669fef8c365a243322c52df9c3f854271489e67c5a9fc3139f56bc357e9

SHA512
2ad8fdbbf79934560b42ac6064d86276a7e24f6d8610d163b4d551e736b72b8dd6070e0e0b21599f781ef638be9c3d6aff8e8e3e9b7a2c00be948477b6558934

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahk2Exe.lnk

Filesize
1KB

MD5
aff12554d35bdc34d0d70a2113d8c703

SHA1
30a3a991588fb34e16e61b8b3c4110ad20754ac7

SHA256
34b9fb70dc392daf5a97a3dab99985330128c427a5e9c16aaa98f65903739f6d

SHA512
b6b84bd684e3d603c5beed23c74bde2f891d9aed375a4a83001b9d3b63c5293a700a98e7a93b3d01ce1d3eba813e971f161754c9a2f3211404af09b8471d60cf

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

Filesize
1KB

MD5
000bb23fd6268c8998696d9607b4b83b

SHA1
5d364a47f8c466c2e26b39afe3a158ecded4a0a0

SHA256
8f721e4013108d74f87d85ec5bd271095c2eab3acc55dcf7afa9280cf9bfeb01

SHA512
2833559775d7990baba7416ac8bd752307c818e59684bf81f6de1018f35cf2f53cda265545cf2053a89681ca977a8213c9c23368ffc59b732cf91a28ed7d04a3

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

Filesize
2KB

MD5
dedfd31ceefedbc67fbf19015fdbdc38

SHA1
9c1324a1b999540f260953e5b6259c2fdc2f0679

SHA256
4768ffce1429feb58af5e0fdb868c447087a703a54315cbbeb759a1c6f94ce34

SHA512
0711522817fc3696456b79a5cd6fe0c8090f29ec9d376e4ad66eab3d712c525f00ff45722f60e3fc74e2674d0637222287e9e000ba325f3a5e12fd6c0ca633e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
539886bc16a60cc4e10e64154cc0ace2

SHA1
3a62fd877645d17d052638bcfa46012aa379a285

SHA256
5d71a421aec6863cb838b02afeb3cd410a609a89f7c46d5ac2280dd4c717c807

SHA512
0b379a971ba92b5311e22fc800cd795c57cc4231fb34fa794244504d7ae2b2d752b459382352b46a44abaadb7c1aa62c06a54485e963529ae7eb289fc101686f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cedeb794641137e6dbd30dd23336168c

SHA1
b5f02c488c4c1495d603b468890ac202520063e6

SHA256
64e1d0bf00ff1a670caa7d316a9060140739139250e8d14988d5a3227d3c5528

SHA512
a9656da4ae85670f2731a49209a116d7be0dcb6c3ffc51885a0002b22a818c952cdc553a415385f251a8b0f95ae8c2fd11638fbf8847fbd24103ed2084302a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ea9cbd9dd77bc02a48880facdf4a8607

SHA1
cfff97d02369d9a3705f1fe4fccc468ed1f54cac

SHA256
c5f7e3e7e0ad73809f4bb059ac2b315857ce93f6ce0c97c9a7a9ea856b5ff54e

SHA512
997767e0e27ff9058879d6794fef3c81d529cb19faea72a3cb0f279678e5b56f553c5a6e3c6bfeef1319b3d717b808121013f742f2849a9ef9a93197e8541ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b91f118546f2494116962348dee891f

SHA1
a35da821d152d89fedc222aa7b5ac65d4bef0dd3

SHA256
cfa5a909dc3cc28ba0f9125a685e902886e3c84aa05956530797802e6dec8c10

SHA512
64bcb6ac0271e904c368f740109c8a662b1b4f25ef9147c141258b1df9d1a4a1f723a6ce8fb9ab89eb71e8251c9b7632ac47f54f179cee7c0936f706f112bb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4153c97313cf381f3393f286b822ffd

SHA1
93366a02ef8b5e80c631618a4069f78de3f2f5c8

SHA256
754b8d3d6eda29c9254faaffbf8665f147b4f1f86484bb93d7f1eddfa9551f24

SHA512
389ae8abf39e1fde036a32053441848013c699cb14e3de81ec14ceac5eb1ea3bdf82dbec9835095fee5f8d39c3c7226b0d8c8a652076de8c70b22bccea3741aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7840b5e0bf068565260be98b2bc60298

SHA1
a6589e1f54ed2acdf8d04aad0c66a9b091e7bf5b

SHA256
c0799ff2df5fc006eb95d5385df967d286c80776377934d2ce27a114da7a21d7

SHA512
c154634952c68c1c38554e0ee3b8eb80cf7ff3b302a9305dc88606b68377c3f23625980f4a7a97ac104bdd7bdd0ac1bddffbf3a29093e4d7f7d36cf683a07397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78f9adb89d65981d4fa19b75fa51388e

SHA1
9a8859c52d098ff5cdee313d770d13e9d695f9db

SHA256
76dcb980f3f3e8a3bac52c5aac6b2b7fb9a55d67456503a5f012c7c18135b21d

SHA512
e33cd7ccedc992e367a32ec0c914bbeac07af1525aba16bf31c1c757d1c20bbc37f467eb9bc96b9da08452fd1af74aec9cb6703d4d0ebdb6d533336ae1e40312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ef9b859ef93b0e4028167c2d2a145fb

SHA1
e4da1f5a1cfaa2ee48221535dfa4ac792e682c06

SHA256
10c5b7db006aca32fbdaa64887574df1667f096b1019b77de40904fdc5fd1620

SHA512
4f6f2ab00eedf973b6f7b6b0d715c2f689bfd73e0e5d66ac00aede3e958726c5657202726d3c8e419e6fd215415a00cea9e33381900d3c95cd1941eb66e778b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e42345e2f05220f28548f17b2c9ca8a

SHA1
09a6170c6dd54a8060c9d31f6cf64d45d1465548

SHA256
7aaf65c24483e113add256b119951da1e9f9f224b5daf8746e9ac2c97fc2ba4f

SHA512
726ea8848201fb7567129fb85260c6deff7062a9b40bc2295e686256b15278bda527c8f456264dfaadcd1c7a25adb662fd550a6c64fd1e1acc6eca1fa9d49229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58311d.TMP

Filesize
874B

MD5
11635d16bba8d48df170de22548d981b

SHA1
56c165529f70a22fb091393da9d69131df07be02

SHA256
2d209f19d41b9ea38a8a2cddf0b096cae510f4ea78494b10404378081d5456a7

SHA512
a72df7445685d1f6b718548101acb8e07d8a0d515a003e2cadd4574f937c7ef553ee2db2efe060c0b66ac73642e08551e88d4404a212c53770c81728cff18e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
152d45d5f3e210cc58b1721198ffd0b4

SHA1
6e3f1dc90bae8e5707e2b62b1093e00d3150a7db

SHA256
80987226d193f81f58006636215d485d45077ef743746e09b10af412b4e957b7

SHA512
f9dde7b7ebb2879727aba488cc3a622171241b70c67ebb5427e4c9369813c210b69cd228d99f28fc9c5eb346e1c1ed201dcdc976af3dde4f46d2404c953383c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
536a61b624388dccdbd7da682c5c318e

SHA1
a2233ca36e5bc6a095c8642a4be00a7df14ca13e

SHA256
b3826b904b7bd44759a0936366be2059b09ca8eed3fafa68f32dc58dd5924335

SHA512
f9593b60692f4238d7640441b01f87f5be7b77e2db001dad45acc313e7ed95aefcdb6582aed7b57a685c6068afd320e4ed91dd6e250ca99a0a95f8f8381f3f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39da2ec9fcae8fc58712906a0b77d229

SHA1
73b1f0259263a9cfc3ab4f2b17e812e240ea964f

SHA256
4e52fad014db3bcd0bb4bbfaf66fce4a6e3a68ea23553f96f805a1c224f6806b

SHA512
c97fab124946a0b1b27a885d741476e9672dcf8b26d342ba31223dd3f5ce9b501285294136dc28c9c33ae9f743ec262c6e2a8bff221c775e5f2f8bc5e0664a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\AutoHotkey.chm

Filesize
1.9MB

MD5
17d5e275dbc8278d888f7da1d681d7e3

SHA1
245cd35e6caa42fdd3936d2122c7464c877d6591

SHA256
de37a93068ca25701b3413eab0f01fa1646d2dab0346d78494192e95d94ad521

SHA512
041420c5fcba5d2fa5e2d549319948eb77b416cb32ce848218b2681f3bdb5a7ab50d795cfdabd068330f6a4f16812ae91564d654a958b0f0bb188d11890c4ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\AutoHotkeyA32.exe

Filesize
775KB

MD5
fd94b77958305a1ac3eeac27ee765256

SHA1
bdf7f5633cd529186c7c9c87c120a58c35515d2e

SHA256
6a98b438b67da7316e9251eb1a92cd5384a8349d239a77903f7282fa076a77c3

SHA512
1e97ddbe9374513ec9a1f51313efb3621f81a309bf78982688b4c19aa389f0b422a604d8adcd84dc1ba28f44135d30edde06e32705fe02762e92cf2bbc725a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\AutoHotkeyU32.exe

Filesize
893KB

MD5
b6af97aa32c636c3c4e87bb768a3ceb7

SHA1
83054af67df43ae70c7f8ac6e8a499d9c9dd82ec

SHA256
ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7

SHA512
54d2e806503f8a4145ee1519fc5e93cef6bf352cf20042569466f6c402b0a402bce99066decd7729c415cd57da7a9923a1b65926b242672731fe2f9709cf6920

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\AutoHotkeyU64.exe

Filesize
1.3MB

MD5
2d0600fe2b1b3bdc45d833ca32a37fdb

SHA1
e9a7411bfef54050de3b485833556f84cabd6e41

SHA256
effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696

SHA512
9891cd6d2140c3a5c20d5c2d6600f3655df437b99b09ae0f9daf1983190dc73385cc87f02508997bb696ac921eee43fccdf1dc210cc602938807bdb062ce1703

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Compiler\ANSI 32-bit.bin

Filesize
704KB

MD5
31ed560d3edc5f1eea515c4358b90406

SHA1
36efc45f806ee021ef972dc80932f13f532d9ccd

SHA256
f5a5c05bf0fedcc451ade5676a5647e828a6f08cf6c21970e6c035f4311b5a3c

SHA512
cb410bad3297493b68e51677b920a808393a30096eefd1cb2c7cf07c8432c78658e803099841be8167eff3f42475b765992da7c11a31e39108ba49010b07ba6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Compiler\Ahk2Exe.exe

Filesize
972KB

MD5
78515b1091f74c0f828aed92d3c972b0

SHA1
0103e030518db102631310ce4e2eb7673d7a1994

SHA256
754a28ed76a7b4eba7909b146cfc4c4c2aa43aff54e10a5cd6dbc939c0732b6a

SHA512
8edcfe6a59d56d69f0fb7672410fcb24fa0722a5d651f076a3b76a424140e162a213fb038c995ae9c2024929c88aa1fbd979694a485163c2d3f8ca3be75502a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Compiler\Unicode 32-bit.bin

Filesize
822KB

MD5
db213c2dc5d0f542a1e925f09c021e05

SHA1
41bebccc1dd9c44c4407892daa3d3fe44c2216d7

SHA256
2d193510b56fbdb8530f8ded2f1c9fb982df971dca5fad1f24f558be16a4f804

SHA512
dd0977a599359f577c5a52d0f86092a12488f291613a0d4812fca64e0553c4d61501d5213e7afd1a62c62da8470e4453f8d1ea2bbea0be74ab223bd4b47e97cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Compiler\Unicode 64-bit.bin

Filesize
1.2MB

MD5
30da2df436169d6f09732e61d8849a05

SHA1
25694362dfa391caf55733772ca61a95978d507c

SHA256
6e7c9ae1daabdb958a4d9c8e7297ba956c9504b5f76ce61fc31281f5bb0b0b55

SHA512
134b616b01a18f9451cbfd947d6dfcba21a31615a5cb513a29c6e5f77d8bb2776e868a215f7f533b1bac6a82536cd8838db7b1f69025735cbacf94afce158066

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Installer.ahk

Filesize
65KB

MD5
015d8f0a9ba93e41f418b8db8bef6a10

SHA1
06d35e419dc82f91d123f129b88ff46511d1cf2b

SHA256
ef88ba74aef53793937ddfaaca4908772fbaf2e7c9bfb5fdeb3c0a6b95755cd0

SHA512
cd034768b35fdb96251563cb87cddbfa63c55bfb798aa8ec6fdd9faa6b0155d6b42bc30ace6fe9034aac45ba3abc434613df2cb0e07a4b1b0bf0ed8ebb2e71d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\Template.ahk

Filesize
324B

MD5
a85eeb1dc6f9a33897c407b4240dc20f

SHA1
be409c1ba630f2f11ab31e5f42c8a90ab49e8d8c

SHA256
23e5115a25e2d539057443b0f0e9740b9ae85d7de0da204f1d739c9b2e206058

SHA512
9ecaf71105745739d79207313bc837ecb9fe63cd1cb66e75808e615dc58f5d931f9744fbb04c74085a8cb03142ce43611af7763e8b21e4821a32a58b0d64f77a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9CEAE4B8\WindowSpy.ahk

Filesize
5KB

MD5
32020e55548b1e9e7ce22899617d5cd2

SHA1
6aaeb5009dfae698449449e560feda2257187fd0

SHA256
4688629be394986c8dbe6517032429e6e8cdd9f5801ddb1ac1f53e6fe86eee7b

SHA512
12b5ec622a7f5d3b07d7db821002e4d7886095be0274509d721040812bcf01348daa6a6c9db485d6ac6b58f9684443db0a31963433a33cd3e8a3c7c2e3119475

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z9D9567A8\setup.exe

Filesize
872KB

MD5
b98ee9e00b5546763f9c6e65e436f6e6

SHA1
a28e2b0ba6cc748d166b2eb6d0c8acb0bd3b9f3b

SHA256
6d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756

SHA512
556e632fe39231622398c5afccc51d01f25bc430705a126737877ed9f354c7076b5bf3cbac27f8a1c4db4d326b6a8848fae4b8d6046f816597c370d06e824591

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 212694.crdownload

Filesize
3.3MB

MD5
c2e8062052bb2b25d4951b78ba9a5e73

SHA1
947dbf6343d632fc622cc2920d0ad303c32fcc80

SHA256
49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc

SHA512
c9a5ea57842f69223bd32a9b9e4aaad44d422f56e362469299f56d8b34b5e8bbf2b51d4e64d2bebe6c95d6d8545a8a88e6107b9b0a813e469f613e1353aad7a4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 420507.crdownload

Filesize
2.9MB

MD5
71e486a03ab282b75886e3712ebb1efa

SHA1
33501837a85ea22f98723746aecf5199865353f9

SHA256
a30af310f45d4076cf1580bb08015db9a1337ddc1a99cf61829e645b196e8b2e

SHA512
855e76b756a5b3d2a465a900fe146eaa7113fe45a7b8c88e057b8d4f975b2b08b8b6b11ea1a697fc7df2fea3f6f0772e6c356e109240bb4e655efae7dc407f55

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 739467.crdownload

Filesize
25KB

MD5
36ddfbe29f2fd3366ca298b350a6cb19

SHA1
0b5c4d270dc47b4ae1b1f59f85b8617bf8a7b036

SHA256
4acb8e96da33a31d5f8384635cc994bebac071f16093ae6ed7f909f6a3bf7218

SHA512
54760d5e130e90a07c238fceee800da27d567671a22bdf6ab7f6f21a148f072e7b2f07d7e74e55f32d7d8e4c52779882ae6681a0653e2fcd564a7dafc94593ae

Download Submit
memory/3612-542-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/3612-721-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/5204-318-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/5204-330-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/5312-731-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/5728-823-0x0000000009040000-0x0000000009797000-memory.dmp

Filesize
7.3MB

Download