Windows Analysis Report
AutoHotkey_2.0.12_setup.exe

Overview

General Information

Sample name: AutoHotkey_2.0.12_setup.exe
Analysis ID: 1417389
MD5: 2cdbe2b76a36b976e9980fb4733f1052
SHA1: 64bbb4dbeed8639b272a73c2cad0f9155f42115d
SHA256: 4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs new ROOT certificates
Machine Learning detection for sample
Sample or dropped binary is a compiled AutoHotkey binary
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect sandboxes (foreground window change detection)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Register New IFiltre For Persistence
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Virustotal: Detection: 13% Perma Link
Source: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe Virustotal: Detection: 13% Perma Link
Multi AV Scanner detection for submitted file
Source: AutoHotkey_2.0.12_setup.exe ReversingLabs: Detection: 34%
Source: AutoHotkey_2.0.12_setup.exe Virustotal: Detection: 35% Perma Link
Machine Learning detection for sample
Source: AutoHotkey_2.0.12_setup.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: AutoHotkey_2.0.12_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2 Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install-version.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\launcher.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\reload-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-dash.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-editor.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-setup.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\config.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\identify.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\spy.ico Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\Templates Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\installed-files.csv Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\license.txt Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 2_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime, 2_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose, 2_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 2_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 2_2_0000000140029780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose, 2_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 2_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose, 3_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 3_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose, 3_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 3_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime, 3_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 3_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 3_2_0000000140029780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006B130 InternetOpenW,InternetOpenUrlW,GetLastError,InternetCloseHandle,CreateFileW,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,WriteFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,CloseHandle,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,WriteFile,InternetReadFileExA,GetLastError,InternetCloseHandle,InternetCloseHandle,CloseHandle,DeleteFileW, 3_2_000000014006B130
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662851164.0000000004C6F000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658658628.00000000032F2000.00000004.00000020.00020000.00000000.sdmp, install.ahk0.1.dr, install.ahk.1.dr String found in binary or memory: http://msdn.com/library/bb756929
Source: AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661477020.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, GetGitHubReleaseAssetURL.ahk.1.dr, GetGitHubReleaseAssetURL.ahk0.1.dr String found in binary or memory: https://api.github.com/repos/
Source: AutoHotkeyUX.exe, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, install.ahk0.1.dr, install.ahk.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr, AutoHotkey32.exe0.1.dr, AutoHotkey64_UIA.exe.1.dr, AutoHotkey32_UIA.exe.1.dr, AutoHotkey64.exe.1.dr String found in binary or memory: https://autohotkey.com
Source: AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661601618.00000000032F8000.00000004.00000020.00020000.00000000.sdmp, HashFile.ahk0.1.dr, HashFile.ahk.1.dr String found in binary or memory: https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/
Source: AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675115571.0000000000EBB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1674958594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1676929026.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autohotkey.com6122658-3693405117-2476756634-1002
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1667999256.0000000005ADE000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666681857.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658294710.00000000032F0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656985053.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662797233.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666211341.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656610056.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr String found in binary or memory: https://autohotkey.comCould
Source: AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1654219063.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675253556.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1669568690.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1677686567.0000000004C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autohotkey.comx
Source: AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000003.00000002.2844452266.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, ui-dash.ahk.1.dr, ui-dash.ahk0.1.dr String found in binary or memory: https://www.autohotkey.com/docs/v1/
Source: ui-dash.ahk0.1.dr String found in binary or memory: https://www.autohotkey.com/docs/v2/
Source: AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, ui-editor.ahk.1.dr, ui-editor.ahk0.1.dr String found in binary or memory: https://www.autohotkey.com/docs/v2/misc/Editors.htm
Source: install-version.ahk.1.dr, launcher.ahk.1.dr, launcher.ahk0.1.dr String found in binary or memory: https://www.autohotkey.com/download/
Contains functionality for read data from the clipboard
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400078A0 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard, 2_2_00000001400078A0
Contains functionality to modify clipboard data
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400070F0 GlobalAlloc,GlobalLock,GlobalFree,EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard, 2_2_00000001400070F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400A05B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, 2_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400A05B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, 3_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400070F0 GlobalAlloc,GlobalLock,GlobalFree,EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard, 3_2_00000001400070F0
Contains functionality to read the clipboard data
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140007780 GetClipboardFormatNameW,GetClipboardData, 2_2_0000000140007780
Contains functionality to record screenshots
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400309C0 GetSystemMetrics,GetSystemMetrics,GetDC,GetLastError,DestroyIcon,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,GetDC,CreateCompatibleDC,GetIconInfo,GetObjectW,CreateCompatibleBitmap,SelectObject,CreateSolidBrush,FillRect,DeleteObject,DrawIconEx,SelectObject,DeleteObject,DeleteObject,DeleteDC,ReleaseDC,DestroyIcon,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetLastError,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject, 2_2_00000001400309C0
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140068600 GetKeyState,GetKeyState,GetAsyncKeyState, 2_2_0000000140068600
Potential key logger detected (key state polling based)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000172D SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer, 2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000172D SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer, 3_2_000000014000172D

System Summary
barindex
Sample or dropped binary is a compiled AutoHotkey binary
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Window found: window name: AutoHotkey Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Window found: window name: AutoHotkey Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Window found: window name: AutoHotkey Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Window found: window name: AutoHotkey Jump to behavior
Contains functionality to communicate with device drivers
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140026B3C: GetDriveTypeW,CreateFileW,DeviceIoControl,CloseHandle, 2_2_0000000140026B3C
Contains functionality to launch a process as a different user
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005FA90 GetFileAttributesW,CreateProcessWithLogonW,GetLastError,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,CloseHandle,GetLastError,FormatMessageW, 2_2_000000014005FA90
Contains functionality to shutdown / reboot the system
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006CB10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 3_2_000000014006CB10
Detected potential crypto function
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_3_00E3964B 1_3_00E3964B
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_2_00E3964B 1_2_00E3964B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140047FE4 2_2_0000000140047FE4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400462B0 2_2_00000001400462B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400722C0 2_2_00000001400722C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400485B0 2_2_00000001400485B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014004C8F0 2_2_000000014004C8F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140005970 2_2_0000000140005970
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140051040 2_2_0000000140051040
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140037050 2_2_0000000140037050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014002C050 2_2_000000014002C050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000C0B4 2_2_000000014000C0B4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400B80E0 2_2_00000001400B80E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140035200 2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140030250 2_2_0000000140030250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C925C 2_2_00000001400C925C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001E28D 2_2_000000014001E28D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D1338 2_2_00000001400D1338
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1354 2_2_00000001400C1354
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400394F0 2_2_00000001400394F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140055517 2_2_0000000140055517
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140010530 2_2_0000000140010530
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1558 2_2_00000001400C1558
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400A05B0 2_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C35AC 2_2_00000001400C35AC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014008A610 2_2_000000014008A610
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000260C 2_2_000000014000260C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400CB6A0 2_2_00000001400CB6A0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001F700 2_2_000000014001F700
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140034710 2_2_0000000140034710
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000172D 2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C9768 2_2_00000001400C9768
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1764 2_2_00000001400C1764
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400CF780 2_2_00000001400CF780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400027CE 2_2_00000001400027CE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001B7E0 2_2_000000014001B7E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400597F0 2_2_00000001400597F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400367F0 2_2_00000001400367F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400127F0 2_2_00000001400127F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140037820 2_2_0000000140037820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014002F820 2_2_000000014002F820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140019820 2_2_0000000140019820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C2898 2_2_00000001400C2898
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140027940 2_2_0000000140027940
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014003F960 2_2_000000014003F960
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1968 2_2_00000001400C1968
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C39B0 2_2_00000001400C39B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D19B8 2_2_00000001400D19B8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400309C0 2_2_00000001400309C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400ADA90 2_2_00000001400ADA90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001DAF0 2_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014008BB10 2_2_000000014008BB10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400A1B30 2_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014004DB60 2_2_000000014004DB60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1B74 2_2_00000001400C1B74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001FC20 2_2_000000014001FC20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140041C40 2_2_0000000140041C40
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D5C34 2_2_00000001400D5C34
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140015C85 2_2_0000000140015C85
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D8CB0 2_2_00000001400D8CB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005DCF0 2_2_000000014005DCF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014003DD10 2_2_000000014003DD10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000FD70 2_2_000000014000FD70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400C1D78 2_2_00000001400C1D78
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005CE30 2_2_000000014005CE30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140051E60 2_2_0000000140051E60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014009BE80 2_2_000000014009BE80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000AE84 2_2_000000014000AE84
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D0EA4 2_2_00000001400D0EA4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014002DED0 2_2_000000014002DED0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140029EF0 2_2_0000000140029EF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140021F10 2_2_0000000140021F10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140048F27 2_2_0000000140048F27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140087F30 2_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400A7F50 2_2_00000001400A7F50
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140034F74 2_2_0000000140034F74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140055FB0 2_2_0000000140055FB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140047FF0 3_2_0000000140047FF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140056250 3_2_0000000140056250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400462B0 3_2_00000001400462B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400722C0 3_2_00000001400722C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007E44A 3_2_000000014007E44A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007C490 3_2_000000014007C490
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400485B0 3_2_00000001400485B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014004C8F0 3_2_000000014004C8F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140051040 3_2_0000000140051040
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140025540 3_2_0000000140025540
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140085570 3_2_0000000140085570
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000172D 3_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400758F0 3_2_00000001400758F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140005970 3_2_0000000140005970
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014008DA80 3_2_000000014008DA80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014004DB60 3_2_000000014004DB60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083C00 3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140051E60 3_2_0000000140051E60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140097E70 3_2_0000000140097E70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140029EF0 3_2_0000000140029EF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014002C050 3_2_000000014002C050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140016050 3_2_0000000140016050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000C0B4 3_2_000000014000C0B4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400B80E0 3_2_00000001400B80E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400740DE 3_2_00000001400740DE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140030250 3_2_0000000140030250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001E28D 3_2_000000014001E28D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140080420 3_2_0000000140080420
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140010530 3_2_0000000140010530
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400A05B0 3_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014008A610 3_2_000000014008A610
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000260C 3_2_000000014000260C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140034710 3_2_0000000140034710
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140026740 3_2_0000000140026740
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140080D90 3_2_0000000140080D90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400027CE 3_2_00000001400027CE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400367F0 3_2_00000001400367F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400127F0 3_2_00000001400127F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C2898 3_2_00000001400C2898
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400309C0 3_2_00000001400309C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140084AC0 3_2_0000000140084AC0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082BFC 3_2_0000000140082BFC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082C0B 3_2_0000000140082C0B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082C16 3_2_0000000140082C16
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140062C19 3_2_0000000140062C19
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D8CB0 3_2_00000001400D8CB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082CE5 3_2_0000000140082CE5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082CFE 3_2_0000000140082CFE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082D06 3_2_0000000140082D06
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140082D1B 3_2_0000000140082D1B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140080D90 3_2_0000000140080D90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014005CE30 3_2_000000014005CE30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000AE84 3_2_000000014000AE84
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D0EA4 3_2_00000001400D0EA4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140048F27 3_2_0000000140048F27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140034F74 3_2_0000000140034F74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140016FD0 3_2_0000000140016FD0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400AB03B 3_2_00000001400AB03B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014008304B 3_2_000000014008304B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140037050 3_2_0000000140037050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006B130 3_2_000000014006B130
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140035200 3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C925C 3_2_00000001400C925C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007F336 3_2_000000014007F336
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D1338 3_2_00000001400D1338
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1354 3_2_00000001400C1354
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400394F0 3_2_00000001400394F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140055517 3_2_0000000140055517
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140071550 3_2_0000000140071550
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1558 3_2_00000001400C1558
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C35AC 3_2_00000001400C35AC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400CB6A0 3_2_00000001400CB6A0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001F700 3_2_000000014001F700
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400AB70A 3_2_00000001400AB70A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C9768 3_2_00000001400C9768
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1764 3_2_00000001400C1764
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400CF780 3_2_00000001400CF780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001B7E0 3_2_000000014001B7E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400597F0 3_2_00000001400597F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140037820 3_2_0000000140037820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014002F820 3_2_000000014002F820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140019820 3_2_0000000140019820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140027940 3_2_0000000140027940
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014003F960 3_2_000000014003F960
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1968 3_2_00000001400C1968
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C39B0 3_2_00000001400C39B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D19B8 3_2_00000001400D19B8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400ADA90 3_2_00000001400ADA90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001DAF0 3_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014008BB10 3_2_000000014008BB10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400A1B30 3_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1B74 3_2_00000001400C1B74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001FC20 3_2_000000014001FC20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140041C40 3_2_0000000140041C40
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D5C34 3_2_00000001400D5C34
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140079C80 3_2_0000000140079C80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140015C85 3_2_0000000140015C85
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014005DCF0 3_2_000000014005DCF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014003DD10 3_2_000000014003DD10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D1A 3_2_0000000140083D1A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D27 3_2_0000000140083D27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D59 3_2_0000000140083D59
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000FD70 3_2_000000014000FD70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400C1D78 3_2_00000001400C1D78
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D95 3_2_0000000140083D95
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083E01 3_2_0000000140083E01
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083E6D 3_2_0000000140083E6D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014009BE80 3_2_000000014009BE80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083EA5 3_2_0000000140083EA5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014002DED0 3_2_000000014002DED0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140021F10 3_2_0000000140021F10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140087F30 3_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400A7F50 3_2_00000001400A7F50
Found potential string decryption / allocating functions
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400C5CA0 appears 36 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014000F730 appears 50 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400BB8A8 appears 48 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014000EDA0 appears 50 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140011B40 appears 39 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140006DF0 appears 44 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014000F150 appears 36 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140010AC0 appears 135 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400D99E0 appears 38 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400C0410 appears 83 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400A3410 appears 62 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014000D38C appears 54 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140011560 appears 33 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014009C780 appears 74 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400C0224 appears 343 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140010880 appears 98 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 0000000140011210 appears 40 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 00000001400055E0 appears 32 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: String function: 000000014000F880 appears 46 times
Tries to load missing DLLs
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: mssign32.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: mssign32.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Section loaded: wintypes.dll Jump to behavior
Uses 32bit PE files
Source: AutoHotkey_2.0.12_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal76.evad.winEXE@6/78@0/0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005FA90 GetFileAttributesW,CreateProcessWithLogonW,GetLastError,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,CloseHandle,GetLastError,FormatMessageW, 2_2_000000014005FA90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006CB10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 3_2_000000014006CB10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014002716C GetDiskFreeSpaceW,GetLastError, 2_2_000000014002716C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014006CBC0 OpenProcess,GetProcessId,WaitForSingleObject,CloseHandle,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle, 2_2_000000014006CBC0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400342D0 CoCreateInstance,CoTaskMemFree,CoTaskMemFree, 2_2_00000001400342D0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140047FE4 CharUpperW,CompareStringOrdinal,FindResourceW,LoadResource,LockResource,SizeofResource,GetCPInfo,FindResourceW,SetCurrentDirectoryW, 2_2_0000000140047FE4
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\f213bf5a8af890680781f9b7261613ea_9e146be9-c76a-4720-bcdb-53011b87bd06 Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: AutoHotkey_2.0.12_setup.exe ReversingLabs: Detection: 34%
Source: AutoHotkey_2.0.12_setup.exe Virustotal: Detection: 35%
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: ux.InstallCommand := Format('"{1}" "{2}\UX\install.ahk" /install "%1"' , interpreter, this.InstallDir)
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: CmdStr('UX\install.ahk', '/install "%1"')}, {ValueName: 'Version', Value: this.Version}, ])
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: /install
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: /installto
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: FileInstall("UX\ui-launcherconfig.ahk", "UX\ui-launcherconfig.ahk", 1)
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: '/install'
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: /install "%1"
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: '/installto'
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: this.AddVerb('Launch', 'UX\launcher.ahk', '/Launch "%1" %*', "Launch", aumid, {ValueName: 'ProgrammaticAccessOnly', Value: ""} )
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: "{1}" "{2}\UX\install.ahk" /install "%1"
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: /Launch "%1" %*
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: UX\ui-launcherconfig.ahk
Source: AutoHotkey_2.0.12_setup.exe String found in binary or memory: UX\UI-LAUNCHERCONFIG.AHK
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File read: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe"
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
Source: unknown Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey" Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32 Jump to behavior
Source: AutoHotkey Dash.lnk.1.dr LNK file: ..\..\..\..\..\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Source: AutoHotkey Window Spy.lnk.1.dr LNK file: ..\..\..\..\..\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2 Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install-version.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\install.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\launcher.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\reload-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-dash.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-editor.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-setup.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\config.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\identify.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\spy.ico Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\Templates Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.exe Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\WindowSpy.ahk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Directory created: C:\Program Files\AutoHotkey\UX\installed-files.csv Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey Jump to behavior
Source: AutoHotkey_2.0.12_setup.exe Static file information: File size 3000320 > 1048576
Source: AutoHotkey_2.0.12_setup.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x2d3200
Contains functionality to dynamically determine API calls
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400252B0 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,WideCharToMultiByte,GetProcAddress,GetProcAddress,WideCharToMultiByte,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress, 2_2_00000001400252B0
PE file contains sections with non-standard names
Source: AutoHotkey64.exe.1.dr Static PE information: section name: _RDATA
Source: AutoHotkey64_UIA.exe.1.dr Static PE information: section name: _RDATA
Source: AutoHotkey64.exe0.1.dr Static PE information: section name: _RDATA
Source: AutoHotkeyUX.exe.1.dr Static PE information: section name: _RDATA
Source: RCXC9D2.tmp.1.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_3_00E3C2C6 pushad ; ret 1_3_00E3C2E1
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_3_00E681C8 push eax; ret 1_3_00E68511
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_3_00E3CFCC push esi; iretd 1_3_00E3CFD5
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_2_00E3C2C6 pushad ; ret 1_2_00E3C2E1
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_2_00E681C8 push eax; ret 1_2_00E68511
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Code function: 1_2_00E3CFCC push esi; iretd 1_2_00E3CFD5
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior
barindex
Installs new ROOT certificates
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\UX\inc\README.txt Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\Program Files\AutoHotkey\license.txt Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\install-version.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\install.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\launcher.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\reload-v1.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-dash.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-editor.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-setup.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\common.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\config.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\identify.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\README.txt:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\spy.ico:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File opened: C:\Program Files\AutoHotkey\license.txt:Zone.Identifier read attributes | delete Jump to behavior
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140043590 IsZoomed,IsIconic, 2_2_0000000140043590
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400A1B30 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,GetForegroundWindow,GetWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, 2_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014009DF20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 2_2_000000014009DF20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140087F30 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetDlgCtrlID,GetParent,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect, 2_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007C490 SendMessageW,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SetWindowTheme,SendMessageW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,SendMessageW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, 3_2_000000014007C490
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083C00 IsZoomed,IsIconic,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,UpdateWindow,SetFocus, 3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083C00 IsZoomed,IsIconic,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,UpdateWindow,SetFocus, 3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140080420 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, 3_2_0000000140080420
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140068EA0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC, 3_2_0000000140068EA0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140043590 IsZoomed,IsIconic, 3_2_0000000140043590
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400A1B30 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,GetForegroundWindow,GetWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, 3_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DBB5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DBB5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DBBD GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DBBD
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DBC5 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DBC5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DBD3 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DBD3
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DC17 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DC17
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DC46 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DC46
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014007DC55 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 3_2_000000014007DC55
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D1A ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083D1A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D27 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083D27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D59 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083D59
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083D95 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083D95
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083E01 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083E01
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083E6D ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083E6D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140083EA5 MulDiv,MulDiv,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent, 3_2_0000000140083EA5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014009DF20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 3_2_000000014009DF20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140087F30 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetDlgCtrlID,GetParent,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect, 3_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140061FB0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, 3_2_0000000140061FB0
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Contains functionality to detect sleep reduction / modifications
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014000172D 2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000172D 3_2_000000014000172D
Contains functionality to detect sandboxes (foreground window change detection)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer, 2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer, 3_2_000000014000172D
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Window / User API: foregroundWindowGot 1079 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe API coverage: 2.6 %
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe API coverage: 4.2 %
May check if the current machine is a sandbox (GetTickCount - Sleep)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014000172D 3_2_000000014000172D
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140023080 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014002328Ch country: Russian (ru) 2_2_0000000140023080
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001DAF0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001DE60h country: Spanish (es) 2_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140048F34h country: Urdu (ur) 2_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: jnbe 0000000140048F34h country: Inuktitut (iu) 2_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140048F34h country: Urdu (ur) 3_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: jnbe 0000000140048F34h country: Inuktitut (iu) 3_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140023080 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014002328Ch country: Russian (ru) 3_2_0000000140023080
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014001DAF0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001DE60h country: Spanish (es) 3_2_000000014001DAF0
Uses the system / local time for branch decision (may execute only at specific dates)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp ax, 0009h and CTI: jne 00000001400355A5h 2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp word ptr [rbx], di and CTI: je 0000000140035836h 2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140035762h 2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp ax, 0009h and CTI: jne 00000001400355A5h 3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp word ptr [rbx], di and CTI: je 0000000140035836h 3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140035762h 3_2_0000000140035200
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 2_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime, 2_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose, 2_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 2_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 2_2_0000000140029780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose, 2_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 2_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose, 3_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 3_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose, 3_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 3_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime, 3_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 3_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 3_2_0000000140029780
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001E241 GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetTickCount, 2_2_000000014001E241
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00000001400D00D8
Contains functionality to dynamically determine API calls
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400252B0 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,WideCharToMultiByte,GetProcAddress,GetProcAddress,WideCharToMultiByte,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress, 2_2_00000001400252B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00000001400D00D8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400D9A30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00000001400D9A30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00000001400D00D8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400BA410 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00000001400BA410
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400BA5F4 SetUnhandledExceptionFilter, 3_2_00000001400BA5F4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_00000001400D9A30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00000001400D9A30
Contains functionality to launch a program with higher privileges
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014005FA90 GetFileAttributesW,CreateProcessWithLogonW,GetLastError,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,CloseHandle,GetLastError,FormatMessageW, 2_2_000000014005FA90
Contains functionality to simulate keystroke presses
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014001FC20 GetCurrentThreadId,MapVirtualKeyW,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetKeyboardLayout,keybd_event,keybd_event, 2_2_000000014001FC20
Contains functionality to simulate mouse events
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400210C0 GetCursorPos,GetCursorPos,GetSystemMetrics,GetSystemMetrics,GetCursorPos,mouse_event,mouse_event, 2_2_00000001400210C0
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: msctls_statusbar321No StatusBar.Press OK to continue.IsHungAppWindowahk_idpidProgram ManagerError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: AutoHotkeyUX.exe Binary or memory string: Program Manager
Source: AutoHotkeyUX.exe Binary or memory string: Shell_TrayWnd
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WMahk_groupTarget window not found.PosTarget control not found.%uCountSelectedFocusedind+-^HwndShell_TrayWndRtlGetVersionntdll.dll%u.%u.%u%s: %s...%s[%Iu of %Iu]: %-1.60s%sMinHide<object>AltTabShiftAltTabAltTabMenuAltTabAndMenuAltTabMenuDismissAbsACosASinATanCaretGetPosCeilChrComCallComObjActiveComObjConnectComObjFlagsComObjFromPtrComObjGetComObjQueryComObjTypeComObjValueCosDllCallExpFileOpenFloorFormatFormatTimeGetMethodHasBaseHasMethodHasPropInStrIsAlnumIsAlphaIsDigitIsFloatIsIntegerIsLowerIsNumberIsObjectIsSetRefIsSpaceIsTimeIsUpperIsXDigitLnLogLTrimModNumGetNumPutObjAddRefObjBindMethodObjFromPtrObjFromPtrAddRefObjGetBaseObjGetCapacityObjHasOwnPropObjOwnPropCountObjOwnPropsObjPtrObjPtrAddRefObjReleaseObjSetBaseObjSetCapacityOrdRegCreateKeyRegDeleteRegDeleteKeyRegExMatchRegExReplaceRegReadRegWriteRoundRTrimRunWaitSinSoundGetInterfaceSoundGetMuteSoundGetNameSoundGetVolumeSoundSetMuteSoundSetVolumeSplitPathSqrtStrCompareStrGetStrLenStrLowerStrPtrStrPutStrReplaceStrTitleStrUpperSubStrTanTrimTypeVarSetStrCapacityVerCompareWinActiveWinExistAhkPathAhkVersionAllowMainWindowAppDataAppDataCommonClipboardComputerNameControlDelayCoordModeCaretCoordModeMenuCoordModeMouseCoordModePixelCoordModeToolTipCursorDDDDDDDDDDefaultMouseSpeedDesktopDesktopCommonEndCharEventInfoHotkeyIntervalHotkeyModifierTimeoutHourIconFileIconHiddenIconNumberIconTipIndexInitialWorkingDirIs64bitOSIsAdminIsCompiledIsCriticalIsPausedIsSuspendedKeyDelayKeyDelayPlayKeyDurationKeyDurationPlayLanguageLastErrorLineFileLineNumberLoopFieldLoopFileAttribLoopFileDirLoopFileExtLoopFileFullPathLoopFileNameLoopFilePathLoopFileShortNameLoopFileShortPathLoopFileSizeLoopFileSizeKBLoopFileSizeMBLoopFileTimeAccessedLoopFileTimeCreatedLoopFileTimeModifiedLoopReadLineLoopRegKeyLoopRegNameLoopRegTimeModifiedLoopRegTypeMaxHotkeysPerIntervalMDayMenuMaskKeyMMMonMouseDelayMouseDelayPlayMyDocumentsNowNowUTCOSVersionPriorHotkeyPriorKeyProgramFilesProgramsProgramsCommonPtrSizeRegViewScreenDPIScreenHeightScreenWidthScriptDirScriptFullPathScriptHwndScriptNameSecStartMenuStartMenuCommonStartupStartupCommonStoreCapsLockModeThisFuncThisHotkeyTickCountTimeIdleTimeIdleKeyboardTimeIdleMouseTimeIdlePhysicalTimeSincePriorHotkeyTimeSinceThisHotkeyTitleMatchModeTitleMatchModeSpeedTrayMenuUserNameWinDelayWinDirWorkingDirYearYYYY.ahk - %sRegClassCreateWindowConsolasHICON:"%s"notepad.exeCould not open script./include "%s" /restart /script "%s"Script file not found.%s
Source: AutoHotkeyUX.exe, 00000002.00000002.1671065802.00000000007F9000.00000004.00000010.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000003.00000002.2844314606.00000000007F8000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: ProgmanA
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ahk_groupTarget window not found.PosTarget control not found.%uCountSelectedFocusedind+-^HwndShell_TrayWndRtlGetVersionntdll.dll%u.%u.%u%s: %s...%s[%Iu of %Iu]: %-1.60s%sMinHide<object>AltTabShiftAltTabAltTabMenuAltTabAndMenuAltTabMenuDismissAbsACosASinATanCaretGetPosCeilChrComCallComObjActiveComObjConnectComObjFlagsComObjFromPtrComObjGetComObjQueryComObjTypeComObjValueCosDllCallExpFileOpenFloorFormatFormatTimeGetMethodHasBaseHasMethodHasPropInStrIsAlnumIsAlphaIsDigitIsFloatIsIntegerIsLowerIsNumberIsObjectIsSetRefIsSpaceIsTimeIsUpperIsXDigitLnLogLTrimModNumGetNumPutObjAddRefObjBindMethodObjFromPtrObjFromPtrAddRefObjGetBaseObjGetCapacityObjHasOwnPropObjOwnPropCountObjOwnPropsObjPtrObjPtrAddRefObjReleaseObjSetBaseObjSetCapacityOrdRegCreateKeyRegDeleteRegDeleteKeyRegExMatchRegExReplaceRegReadRegWriteRoundRTrimRunWaitSinSoundGetInterfaceSoundGetMuteSoundGetNameSoundGetVolumeSoundSetMuteSoundSetVolumeSplitPathSqrtStrCompareStrGetStrLenStrLowerStrPtrStrPutStrReplaceStrTitleStrUpperSubStrTanTrimTypeVarSetStrCapacityVerCompareWinActiveWinExistAhkPathAhkVersionAllowMainWindowAppDataAppDataCommonClipboardComputerNameControlDelayCoordModeCaretCoordModeMenuCoordModeMouseCoordModePixelCoordModeToolTipCursorDDDDDDDDDDefaultMouseSpeedDesktopDesktopCommonEndCharEventInfoHotkeyIntervalHotkeyModifierTimeoutHourIconFileIconHiddenIconNumberIconTipIndexInitialWorkingDirIs64bitOSIsAdminIsCompiledIsCriticalIsPausedIsSuspendedKeyDelayKeyDelayPlayKeyDurationKeyDurationPlayLanguageLastErrorLineFileLineNumberLoopFieldLoopFileAttribLoopFileDirLoopFileExtLoopFileFullPathLoopFileNameLoopFilePathLoopFileShortNameLoopFileShortPathLoopFileSizeLoopFileSizeKBLoopFileSizeMBLoopFileTimeAccessedLoopFileTimeCreatedLoopFileTimeModifiedLoopReadLineLoopRegKeyLoopRegNameLoopRegTimeModifiedLoopRegTypeMaxHotkeysPerIntervalMDayMenuMaskKeyMMMonMouseDelayMouseDelayPlayMyDocumentsNowNowUTCOSVersionPriorHotkeyPriorKeyProgramFilesProgramsProgramsCommonPtrSizeRegViewScreenDPIScreenHeightScreenWidthScriptDirScriptFullPathScriptHwndScriptNameSecStartMenuStartMenuCommonStartupStartupCommonStoreCapsLockModeThisFuncThisHotkeyTickCountTimeIdleTimeIdleKeyboardTimeIdleMouseTimeIdlePhysicalTimeSincePriorHotkeyTimeSinceThisHotkeyTitleMatchModeTitleMatchModeSpeedTrayMenuUserNameWinDelayWinDirWorkingDirYearYYYY.ahk - %sRegClassCreateWindowConsolasHICON:"%s"notepad.exeCould not open script./include "%s" /restart /script "%s"Script file not found.%s
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: (Mmsctls_statusbar321No StatusBar.Press OK to continue.IsHungAppWindowahk_idpidProgram ManagerError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Queries volume information: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Queries volume information: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140035200 GetLocalTime,GetLocalTime,GetTimeFormatW,GetTimeFormatW,IsCharAlphaNumericW,IsCharAlphaNumericW,GetDateFormatW,GetDateFormatW, 2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_000000014003D3B0 GetComputerNameW,GetUserNameW, 2_2_000000014003D3B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_00000001400011A0 GetModuleHandleW,GetProcAddress,GetVersionExW, 2_2_00000001400011A0
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 2_2_0000000140045A80 UnhookWindowsHookEx,UnregisterHotKey,Shell_NotifyIconW,RemoveClipboardFormatListener,DestroyWindow,DeleteObject,DestroyIcon,DestroyIcon,RemoveMenu,DestroyMenu,DeleteObject,IsWindow,DestroyWindow,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize, 2_2_0000000140045A80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140066310 AddClipboardFormatListener,RemoveClipboardFormatListener, 3_2_0000000140066310
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe Code function: 3_2_0000000140045A80 UnhookWindowsHookEx,UnregisterHotKey,Shell_NotifyIconW,RemoveClipboardFormatListener,DestroyWindow,DeleteObject,DestroyIcon,DestroyIcon,RemoveMenu,DestroyMenu,DeleteObject,IsWindow,DestroyWindow,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize, 3_2_0000000140045A80
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417389 Sample: AutoHotkey_2.0.12_setup.exe Startdate: 29/03/2024 Architecture: WINDOWS Score: 76 29 Multi AV Scanner detection for dropped file 2->29 31 Multi AV Scanner detection for submitted file 2->31 33 Machine Learning detection for sample 2->33 35 Contains functionality to detect sleep reduction / modifications 2->35 7 AutoHotkey_2.0.12_setup.exe 2->7         started        10 AutoHotkeyUX.exe 2->10         started        process3 signatures4 37 Sample or dropped binary is a compiled AutoHotkey binary 7->37 12 AutoHotkey_2.0.12_setup.exe 34 113 7->12         started        process5 file6 19 C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp, PE32+ 12->19 dropped 21 C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp, PE32 12->21 dropped 23 C:\Program Files\...\AutoHotkey64_UIA.exe, PE32+ 12->23 dropped 25 37 other malicious files 12->25 dropped 39 Installs new ROOT certificates 12->39 41 Hides that the sample has been downloaded from the Internet (zone.identifier) 12->41 43 Sample or dropped binary is a compiled AutoHotkey binary 12->43 16 AutoHotkeyUX.exe 12->16         started        signatures7 process8 signatures9 27 Sample or dropped binary is a compiled AutoHotkey binary 16->27
No contacted IP infos