Edit tour

Windows Analysis Report
AutoHotkey_2.0.12_setup.exe

Overview

General Information

Sample name:	AutoHotkey_2.0.12_setup.exe
Analysis ID:	1417389
MD5:	2cdbe2b76a36b976e9980fb4733f1052
SHA1:	64bbb4dbeed8639b272a73c2cad0f9155f42115d
SHA256:	4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Contains functionality to detect sleep reduction / modifications

Hides that the sample has been downloaded from the Internet (zone.identifier)

Installs new ROOT certificates

Machine Learning detection for sample

Sample or dropped binary is a compiled AutoHotkey binary

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to detect sandboxes (foreground window change detection)

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May check if the current machine is a sandbox (GetTickCount - Sleep)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Register New IFiltre For Persistence

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

System is w10x64

AutoHotkey_2.0.12_setup.exe (PID: 6872 cmdline: "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" MD5: 2CDBE2B76A36B976E9980FB4733F1052)

AutoHotkey_2.0.12_setup.exe (PID: 6576 cmdline: "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey" MD5: 2CDBE2B76A36B976E9980FB4733F1052)

AutoHotkeyUX.exe (PID: 6760 cmdline: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check MD5: 825448610A8213A8408578DF2361D5EB)

AutoHotkeyUX.exe (PID: 2104 cmdline: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk MD5: 825448610A8213A8408578DF2361D5EB)

cleanup

Sigma Signatures

System Summary

Sigma detected: Register New IFiltre For Persistence

Source: Registry Key set

Author: Nasreddine Bencherchali (Nextron Systems): Data: Details: {5e941d80-bf96-11cd-b579-08002b30bfeb}, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe, ProcessId: 6576, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ahk\PersistentHandler\(Default)

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	Virustotal: Detection: 13%			Perma Link
Source: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	Virustotal: Detection: 13%			Perma Link

Multi AV Scanner detection for submitted file

Source: AutoHotkey_2.0.12_setup.exe	ReversingLabs: Detection: 34%
Source: AutoHotkey_2.0.12_setup.exe	Virustotal: Detection: 35%			Perma Link

Machine Learning detection for sample

Source: AutoHotkey_2.0.12_setup.exe

Joe Sandbox ML: detected

Source: AutoHotkey_2.0.12_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install-version.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\launcher.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\reload-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-dash.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-editor.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-setup.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\config.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\identify.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\spy.ico	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\Templates	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\installed-files.csv	Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\license.txt	Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	2_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,	2_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose,	2_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	2_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose,	2_2_0000000140029780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,	2_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	2_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,	3_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	3_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose,	3_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	3_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,	3_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	3_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose,	3_2_0000000140029780

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 3_2_000000014006B130 InternetOpenW,InternetOpenUrlW,GetLastError,InternetCloseHandle,CreateFileW,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,WriteFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,CloseHandle,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,WriteFile,InternetReadFileExA,GetLastError,InternetCloseHandle,InternetCloseHandle,CloseHandle,DeleteFileW,

3_2_000000014006B130

Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662851164.0000000004C6F000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658658628.00000000032F2000.00000004.00000020.00020000.00000000.sdmp, install.ahk0.1.dr, install.ahk.1.dr	String found in binary or memory: http://msdn.com/library/bb756929
Source: AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661477020.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, GetGitHubReleaseAssetURL.ahk.1.dr, GetGitHubReleaseAssetURL.ahk0.1.dr	String found in binary or memory: https://api.github.com/repos/
Source: AutoHotkeyUX.exe, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, install.ahk0.1.dr, install.ahk.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr, AutoHotkey32.exe0.1.dr, AutoHotkey64_UIA.exe.1.dr, AutoHotkey32_UIA.exe.1.dr, AutoHotkey64.exe.1.dr	String found in binary or memory: https://autohotkey.com
Source: AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661601618.00000000032F8000.00000004.00000020.00020000.00000000.sdmp, HashFile.ahk0.1.dr, HashFile.ahk.1.dr	String found in binary or memory: https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/
Source: AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675115571.0000000000EBB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1674958594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1676929026.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autohotkey.com6122658-3693405117-2476756634-1002
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1667999256.0000000005ADE000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666681857.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658294710.00000000032F0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656985053.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662797233.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666211341.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656610056.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr	String found in binary or memory: https://autohotkey.comCould
Source: AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1654219063.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675253556.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1669568690.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1677686567.0000000004C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autohotkey.comx
Source: AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000003.00000002.2844452266.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, ui-dash.ahk.1.dr, ui-dash.ahk0.1.dr	String found in binary or memory: https://www.autohotkey.com/docs/v1/
Source: ui-dash.ahk0.1.dr	String found in binary or memory: https://www.autohotkey.com/docs/v2/
Source: AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, ui-editor.ahk.1.dr, ui-editor.ahk0.1.dr	String found in binary or memory: https://www.autohotkey.com/docs/v2/misc/Editors.htm
Source: install-version.ahk.1.dr, launcher.ahk.1.dr, launcher.ahk0.1.dr	String found in binary or memory: https://www.autohotkey.com/download/

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400078A0 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,

2_2_00000001400078A0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400070F0 GlobalAlloc,GlobalLock,GlobalFree,EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,	2_2_00000001400070F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400A05B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,	2_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400A05B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,	3_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400070F0 GlobalAlloc,GlobalLock,GlobalFree,EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,	3_2_00000001400070F0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_0000000140007780 GetClipboardFormatNameW,GetClipboardData,

2_2_0000000140007780

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400309C0 GetSystemMetrics,GetSystemMetrics,GetDC,GetLastError,DestroyIcon,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,GetDC,CreateCompatibleDC,GetIconInfo,GetObjectW,CreateCompatibleBitmap,SelectObject,CreateSolidBrush,FillRect,DeleteObject,DrawIconEx,SelectObject,DeleteObject,DeleteObject,DeleteDC,ReleaseDC,DestroyIcon,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetLastError,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,

2_2_00000001400309C0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_0000000140068600 GetKeyState,GetKeyState,GetAsyncKeyState,

2_2_0000000140068600

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000172D SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer,		2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000172D SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer,		3_2_000000014000172D

System Summary

Sample or dropped binary is a compiled AutoHotkey binary

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Window found: window name: AutoHotkey	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Window found: window name: AutoHotkey	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Window found: window name: AutoHotkey	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Window found: window name: AutoHotkey	Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_0000000140026B3C: GetDriveTypeW,CreateFileW,DeviceIoControl,CloseHandle,

2_2_0000000140026B3C

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014005FA90 GetFileAttributesW,CreateProcessWithLogonW,GetLastError,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,CloseHandle,GetLastError,FormatMessageW,

2_2_000000014005FA90

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 3_2_000000014006CB10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

3_2_000000014006CB10

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_3_00E3964B	1_3_00E3964B
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_2_00E3964B	1_2_00E3964B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140047FE4	2_2_0000000140047FE4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400462B0	2_2_00000001400462B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400722C0	2_2_00000001400722C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400485B0	2_2_00000001400485B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014004C8F0	2_2_000000014004C8F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140005970	2_2_0000000140005970
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140051040	2_2_0000000140051040
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140037050	2_2_0000000140037050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014002C050	2_2_000000014002C050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000C0B4	2_2_000000014000C0B4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400B80E0	2_2_00000001400B80E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140035200	2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140030250	2_2_0000000140030250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C925C	2_2_00000001400C925C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001E28D	2_2_000000014001E28D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D1338	2_2_00000001400D1338
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1354	2_2_00000001400C1354
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400394F0	2_2_00000001400394F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140055517	2_2_0000000140055517
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140010530	2_2_0000000140010530
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1558	2_2_00000001400C1558
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400A05B0	2_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C35AC	2_2_00000001400C35AC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014008A610	2_2_000000014008A610
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000260C	2_2_000000014000260C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400CB6A0	2_2_00000001400CB6A0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001F700	2_2_000000014001F700
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140034710	2_2_0000000140034710
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000172D	2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C9768	2_2_00000001400C9768
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1764	2_2_00000001400C1764
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400CF780	2_2_00000001400CF780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400027CE	2_2_00000001400027CE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001B7E0	2_2_000000014001B7E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400597F0	2_2_00000001400597F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400367F0	2_2_00000001400367F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400127F0	2_2_00000001400127F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140037820	2_2_0000000140037820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014002F820	2_2_000000014002F820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140019820	2_2_0000000140019820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C2898	2_2_00000001400C2898
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140027940	2_2_0000000140027940
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014003F960	2_2_000000014003F960
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1968	2_2_00000001400C1968
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C39B0	2_2_00000001400C39B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D19B8	2_2_00000001400D19B8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400309C0	2_2_00000001400309C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400ADA90	2_2_00000001400ADA90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001DAF0	2_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014008BB10	2_2_000000014008BB10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400A1B30	2_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014004DB60	2_2_000000014004DB60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1B74	2_2_00000001400C1B74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001FC20	2_2_000000014001FC20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140041C40	2_2_0000000140041C40
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D5C34	2_2_00000001400D5C34
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140015C85	2_2_0000000140015C85
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D8CB0	2_2_00000001400D8CB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014005DCF0	2_2_000000014005DCF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014003DD10	2_2_000000014003DD10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000FD70	2_2_000000014000FD70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400C1D78	2_2_00000001400C1D78
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014005CE30	2_2_000000014005CE30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140051E60	2_2_0000000140051E60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014009BE80	2_2_000000014009BE80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000AE84	2_2_000000014000AE84
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D0EA4	2_2_00000001400D0EA4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014002DED0	2_2_000000014002DED0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140029EF0	2_2_0000000140029EF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140021F10	2_2_0000000140021F10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140048F27	2_2_0000000140048F27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140087F30	2_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400A7F50	2_2_00000001400A7F50
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140034F74	2_2_0000000140034F74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140055FB0	2_2_0000000140055FB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140047FF0	3_2_0000000140047FF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140056250	3_2_0000000140056250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400462B0	3_2_00000001400462B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400722C0	3_2_00000001400722C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007E44A	3_2_000000014007E44A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007C490	3_2_000000014007C490
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400485B0	3_2_00000001400485B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014004C8F0	3_2_000000014004C8F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140051040	3_2_0000000140051040
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140025540	3_2_0000000140025540
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140085570	3_2_0000000140085570
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000172D	3_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400758F0	3_2_00000001400758F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140005970	3_2_0000000140005970
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014008DA80	3_2_000000014008DA80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014004DB60	3_2_000000014004DB60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083C00	3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140051E60	3_2_0000000140051E60
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140097E70	3_2_0000000140097E70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140029EF0	3_2_0000000140029EF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014002C050	3_2_000000014002C050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140016050	3_2_0000000140016050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000C0B4	3_2_000000014000C0B4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400B80E0	3_2_00000001400B80E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400740DE	3_2_00000001400740DE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140030250	3_2_0000000140030250
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001E28D	3_2_000000014001E28D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140080420	3_2_0000000140080420
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140010530	3_2_0000000140010530
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400A05B0	3_2_00000001400A05B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014008A610	3_2_000000014008A610
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000260C	3_2_000000014000260C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140034710	3_2_0000000140034710
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140026740	3_2_0000000140026740
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140080D90	3_2_0000000140080D90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400027CE	3_2_00000001400027CE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400367F0	3_2_00000001400367F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400127F0	3_2_00000001400127F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C2898	3_2_00000001400C2898
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400309C0	3_2_00000001400309C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140084AC0	3_2_0000000140084AC0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082BFC	3_2_0000000140082BFC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082C0B	3_2_0000000140082C0B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082C16	3_2_0000000140082C16
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140062C19	3_2_0000000140062C19
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D8CB0	3_2_00000001400D8CB0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082CE5	3_2_0000000140082CE5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082CFE	3_2_0000000140082CFE
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082D06	3_2_0000000140082D06
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140082D1B	3_2_0000000140082D1B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140080D90	3_2_0000000140080D90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014005CE30	3_2_000000014005CE30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000AE84	3_2_000000014000AE84
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D0EA4	3_2_00000001400D0EA4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140048F27	3_2_0000000140048F27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140034F74	3_2_0000000140034F74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140016FD0	3_2_0000000140016FD0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400AB03B	3_2_00000001400AB03B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014008304B	3_2_000000014008304B
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140037050	3_2_0000000140037050
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014006B130	3_2_000000014006B130
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140035200	3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C925C	3_2_00000001400C925C
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007F336	3_2_000000014007F336
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D1338	3_2_00000001400D1338
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1354	3_2_00000001400C1354
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400394F0	3_2_00000001400394F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140055517	3_2_0000000140055517
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140071550	3_2_0000000140071550
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1558	3_2_00000001400C1558
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C35AC	3_2_00000001400C35AC
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400CB6A0	3_2_00000001400CB6A0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001F700	3_2_000000014001F700
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400AB70A	3_2_00000001400AB70A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C9768	3_2_00000001400C9768
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1764	3_2_00000001400C1764
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400CF780	3_2_00000001400CF780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001B7E0	3_2_000000014001B7E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400597F0	3_2_00000001400597F0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140037820	3_2_0000000140037820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014002F820	3_2_000000014002F820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140019820	3_2_0000000140019820
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140027940	3_2_0000000140027940
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014003F960	3_2_000000014003F960
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1968	3_2_00000001400C1968
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C39B0	3_2_00000001400C39B0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D19B8	3_2_00000001400D19B8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400ADA90	3_2_00000001400ADA90
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001DAF0	3_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014008BB10	3_2_000000014008BB10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400A1B30	3_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1B74	3_2_00000001400C1B74
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001FC20	3_2_000000014001FC20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140041C40	3_2_0000000140041C40
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D5C34	3_2_00000001400D5C34
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140079C80	3_2_0000000140079C80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140015C85	3_2_0000000140015C85
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014005DCF0	3_2_000000014005DCF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014003DD10	3_2_000000014003DD10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D1A	3_2_0000000140083D1A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D27	3_2_0000000140083D27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D59	3_2_0000000140083D59
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000FD70	3_2_000000014000FD70
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400C1D78	3_2_00000001400C1D78
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D95	3_2_0000000140083D95
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083E01	3_2_0000000140083E01
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083E6D	3_2_0000000140083E6D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014009BE80	3_2_000000014009BE80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083EA5	3_2_0000000140083EA5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014002DED0	3_2_000000014002DED0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140021F10	3_2_0000000140021F10
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140087F30	3_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400A7F50	3_2_00000001400A7F50

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400C5CA0 appears 36 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014000F730 appears 50 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400BB8A8 appears 48 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014000EDA0 appears 50 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140011B40 appears 39 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140006DF0 appears 44 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014000F150 appears 36 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140010AC0 appears 135 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400D99E0 appears 38 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400C0410 appears 83 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400A3410 appears 62 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014000D38C appears 54 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140011560 appears 33 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014009C780 appears 74 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400C0224 appears 343 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140010880 appears 98 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 0000000140011210 appears 40 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 00000001400055E0 appears 32 times
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: String function: 000000014000F880 appears 46 times

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: mssign32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: mssign32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Section loaded: wintypes.dll	Jump to behavior

Source: AutoHotkey_2.0.12_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal76.evad.winEXE@6/78@0/0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

2_2_000000014005FA90

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 3_2_000000014006CB10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

3_2_000000014006CB10

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014002716C GetDiskFreeSpaceW,GetLastError,

2_2_000000014002716C

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014006CBC0 OpenProcess,GetProcessId,WaitForSingleObject,CloseHandle,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle,

2_2_000000014006CBC0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400342D0 CoCreateInstance,CoTaskMemFree,CoTaskMemFree,

2_2_00000001400342D0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_0000000140047FE4 CharUpperW,CompareStringOrdinal,FindResourceW,LoadResource,LockResource,SizeofResource,GetCPInfo,FindResourceW,SetCurrentDirectoryW,

2_2_0000000140047FE4

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

File created: C:\Program Files\AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\f213bf5a8af890680781f9b7261613ea_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AutoHotkey_2.0.12_setup.exe	ReversingLabs: Detection: 34%
Source: AutoHotkey_2.0.12_setup.exe	Virustotal: Detection: 35%

Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: ux.InstallCommand := Format('"{1}" "{2}\UX\install.ahk" /install "%1"' , interpreter, this.InstallDir)
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: CmdStr('UX\install.ahk', '/install "%1"')}, {ValueName: 'Version', Value: this.Version}, ])
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: /install
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: /installto
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: FileInstall("UX\ui-launcherconfig.ahk", "UX\ui-launcherconfig.ahk", 1)
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: '/install'
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: /install "%1"
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: '/installto'
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: this.AddVerb('Launch', 'UX\launcher.ahk', '/Launch "%1" %*', "Launch", aumid, {ValueName: 'ProgrammaticAccessOnly', Value: ""} )
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: "{1}" "{2}\UX\install.ahk" /install "%1"
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: /Launch "%1" %*
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: UX\ui-launcherconfig.ahk
Source: AutoHotkey_2.0.12_setup.exe	String found in binary or memory: UX\UI-LAUNCHERCONFIG.AHK

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

File read: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe"
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
Source: unknown	Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process created: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe "C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check	Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: AutoHotkey Dash.lnk.1.dr	LNK file: ..\..\..\..\..\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Source: AutoHotkey Window Spy.lnk.1.dr	LNK file: ..\..\..\..\..\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install-version.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\install.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\launcher.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\reload-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-dash.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-editor.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-setup.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\config.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\identify.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\spy.ico	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\Templates	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\v2\AutoHotkey.exe	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\WindowSpy.ahk	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Directory created: C:\Program Files\AutoHotkey\UX\installed-files.csv	Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey

Jump to behavior

Source: AutoHotkey_2.0.12_setup.exe

Static file information: File size 3000320 > 1048576

Source: AutoHotkey_2.0.12_setup.exe

Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x2d3200

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400252B0 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,WideCharToMultiByte,GetProcAddress,GetProcAddress,WideCharToMultiByte,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,

2_2_00000001400252B0

Source: AutoHotkey64.exe.1.dr	Static PE information: section name: _RDATA
Source: AutoHotkey64_UIA.exe.1.dr	Static PE information: section name: _RDATA
Source: AutoHotkey64.exe0.1.dr	Static PE information: section name: _RDATA
Source: AutoHotkeyUX.exe.1.dr	Static PE information: section name: _RDATA
Source: RCXC9D2.tmp.1.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_3_00E3C2C6 pushad ; ret	1_3_00E3C2E1
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_3_00E681C8 push eax; ret	1_3_00E68511
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_3_00E3CFCC push esi; iretd	1_3_00E3CFD5
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_2_00E3C2C6 pushad ; ret	1_2_00E3C2E1
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_2_00E681C8 push eax; ret	1_2_00E68511
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Code function: 1_2_00E3CFCC push esi; iretd	1_2_00E3CFD5

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7 Blob	Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	Jump to dropped file

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\UX\inc\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\Program Files\AutoHotkey\license.txt	Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk			Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\v2\AutoHotkey.chm:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\install-version.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\install.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\launcher.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\reload-v1.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\reset-assoc.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-dash.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-editor.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-newscript.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-setup.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\WindowSpy.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\common.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\config.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\identify.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\README.txt:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\spy.ico:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	File opened: C:\Program Files\AutoHotkey\license.txt:Zone.Identifier read attributes \| delete	Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140043590 IsZoomed,IsIconic,	2_2_0000000140043590
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400A1B30 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,GetForegroundWindow,GetWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop,	2_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014009DF20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,	2_2_000000014009DF20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140087F30 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetDlgCtrlID,GetParent,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,	2_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007C490 SendMessageW,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SetWindowTheme,SendMessageW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,SendMessageW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,	3_2_000000014007C490
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083C00 IsZoomed,IsIconic,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,UpdateWindow,SetFocus,	3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083C00 IsZoomed,IsIconic,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,UpdateWindow,SetFocus,	3_2_0000000140083C00
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140080420 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,	3_2_0000000140080420
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140068EA0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,	3_2_0000000140068EA0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140043590 IsZoomed,IsIconic,	3_2_0000000140043590
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400A1B30 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,GetForegroundWindow,GetWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop,	3_2_00000001400A1B30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DBB5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DBB5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DBBD GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DBBD
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DBC5 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DBC5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DBD3 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DBD3
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DC17 MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DC17
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DC46 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DC46
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014007DC55 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	3_2_000000014007DC55
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D1A ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083D1A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D27 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083D27
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D59 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083D59
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083D95 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083D95
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083E01 ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083E01
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083E6D ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083E6D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140083EA5 MulDiv,MulDiv,ShowWindow,MulDiv,MulDiv,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,ScreenToClient,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,IsWindowVisible,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,	3_2_0000000140083EA5
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014009DF20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,	3_2_000000014009DF20
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140087F30 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetDlgCtrlID,GetParent,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,	3_2_0000000140087F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140061FB0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,	3_2_0000000140061FB0

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014000172D		2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014000172D		3_2_000000014000172D

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer,		2_2_000000014000172D
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: SetTimer,GetTickCount,GetMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,GetFocus,GetClassNameW,GetTickCount,PeekMessageW,PeekMessageW,GetTickCount,PeekMessageW,Sleep,GetClassLongW,GetWindowLongPtrW,GetWindowLongW,GetParent,TranslateAcceleratorW,GetDlgCtrlID,GetParent,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetDlgCtrlID,GetParent,IsDialogMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetTickCount,Sleep,GetTickCount,Sleep,PostMessageW,SendMessageW,SendMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,KillTimer,		3_2_000000014000172D

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Window / User API: foregroundWindowGot 1079

Jump to behavior

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Dropped PE file which has not been started: C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	Jump to dropped file

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	API coverage: 2.6 %
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	API coverage: 4.2 %

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 3_2_000000014000172D

3_2_000000014000172D

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140023080 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014002328Ch country: Russian (ru)	2_2_0000000140023080
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014001DAF0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001DE60h country: Spanish (es)	2_2_000000014001DAF0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140048F34h country: Urdu (ur)	2_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: jnbe 0000000140048F34h country: Inuktitut (iu)	2_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140048F34h country: Urdu (ur)	3_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140048D4A GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: jnbe 0000000140048F34h country: Inuktitut (iu)	3_2_0000000140048D4A
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140023080 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014002328Ch country: Russian (ru)	3_2_0000000140023080
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014001DAF0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001DE60h country: Spanish (es)	3_2_000000014001DAF0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp ax, 0009h and CTI: jne 00000001400355A5h	2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp word ptr [rbx], di and CTI: je 0000000140035836h	2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140035200 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140035762h	2_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp ax, 0009h and CTI: jne 00000001400355A5h	3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp word ptr [rbx], di and CTI: je 0000000140035836h	3_2_0000000140035200
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140035200 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140035762h	3_2_0000000140035200

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	2_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,	2_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose,	2_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	2_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose,	2_2_0000000140029780
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,	2_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	2_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014005C950 FindFirstFileW,FindNextFileW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,	3_2_000000014005C950
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014009D920 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	3_2_000000014009D920
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_000000014006C3C0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,CopyFileW,GetLastError,FindNextFileW,FindClose,	3_2_000000014006C3C0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140028F30 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	3_2_0000000140028F30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140029230 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,	3_2_0000000140029230
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400295E0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	3_2_00000001400295E0
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140029780 GetFileAttributesW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindClose,	3_2_0000000140029780

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014001E241 GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetTickCount,

2_2_000000014001E241

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_00000001400D00D8

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

2_2_00000001400252B0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00000001400D00D8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_00000001400D9A30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00000001400D9A30
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D00D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00000001400D00D8
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400BA410 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00000001400BA410
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400BA5F4 SetUnhandledExceptionFilter,	3_2_00000001400BA5F4
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_00000001400D9A30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00000001400D9A30

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

2_2_000000014005FA90

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014001FC20 GetCurrentThreadId,MapVirtualKeyW,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,GetForegroundWindow,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetKeyboardLayout,keybd_event,keybd_event,

2_2_000000014001FC20

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400210C0 GetCursorPos,GetCursorPos,GetSystemMetrics,GetSystemMetrics,GetCursorPos,mouse_event,mouse_event,

2_2_00000001400210C0

Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: msctls_statusbar321No StatusBar.Press OK to continue.IsHungAppWindowahk_idpidProgram ManagerError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: AutoHotkeyUX.exe	Binary or memory string: Program Manager
Source: AutoHotkeyUX.exe	Binary or memory string: Shell_TrayWnd
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: WMahk_groupTarget window not found.PosTarget control not found.%uCountSelectedFocusedind+-^HwndShell_TrayWndRtlGetVersionntdll.dll%u.%u.%u%s: %s...%s[%Iu of %Iu]: %-1.60s%sMinHide<object>AltTabShiftAltTabAltTabMenuAltTabAndMenuAltTabMenuDismissAbsACosASinATanCaretGetPosCeilChrComCallComObjActiveComObjConnectComObjFlagsComObjFromPtrComObjGetComObjQueryComObjTypeComObjValueCosDllCallExpFileOpenFloorFormatFormatTimeGetMethodHasBaseHasMethodHasPropInStrIsAlnumIsAlphaIsDigitIsFloatIsIntegerIsLowerIsNumberIsObjectIsSetRefIsSpaceIsTimeIsUpperIsXDigitLnLogLTrimModNumGetNumPutObjAddRefObjBindMethodObjFromPtrObjFromPtrAddRefObjGetBaseObjGetCapacityObjHasOwnPropObjOwnPropCountObjOwnPropsObjPtrObjPtrAddRefObjReleaseObjSetBaseObjSetCapacityOrdRegCreateKeyRegDeleteRegDeleteKeyRegExMatchRegExReplaceRegReadRegWriteRoundRTrimRunWaitSinSoundGetInterfaceSoundGetMuteSoundGetNameSoundGetVolumeSoundSetMuteSoundSetVolumeSplitPathSqrtStrCompareStrGetStrLenStrLowerStrPtrStrPutStrReplaceStrTitleStrUpperSubStrTanTrimTypeVarSetStrCapacityVerCompareWinActiveWinExistAhkPathAhkVersionAllowMainWindowAppDataAppDataCommonClipboardComputerNameControlDelayCoordModeCaretCoordModeMenuCoordModeMouseCoordModePixelCoordModeToolTipCursorDDDDDDDDDDefaultMouseSpeedDesktopDesktopCommonEndCharEventInfoHotkeyIntervalHotkeyModifierTimeoutHourIconFileIconHiddenIconNumberIconTipIndexInitialWorkingDirIs64bitOSIsAdminIsCompiledIsCriticalIsPausedIsSuspendedKeyDelayKeyDelayPlayKeyDurationKeyDurationPlayLanguageLastErrorLineFileLineNumberLoopFieldLoopFileAttribLoopFileDirLoopFileExtLoopFileFullPathLoopFileNameLoopFilePathLoopFileShortNameLoopFileShortPathLoopFileSizeLoopFileSizeKBLoopFileSizeMBLoopFileTimeAccessedLoopFileTimeCreatedLoopFileTimeModifiedLoopReadLineLoopRegKeyLoopRegNameLoopRegTimeModifiedLoopRegTypeMaxHotkeysPerIntervalMDayMenuMaskKeyMMMonMouseDelayMouseDelayPlayMyDocumentsNowNowUTCOSVersionPriorHotkeyPriorKeyProgramFilesProgramsProgramsCommonPtrSizeRegViewScreenDPIScreenHeightScreenWidthScriptDirScriptFullPathScriptHwndScriptNameSecStartMenuStartMenuCommonStartupStartupCommonStoreCapsLockModeThisFuncThisHotkeyTickCountTimeIdleTimeIdleKeyboardTimeIdleMouseTimeIdlePhysicalTimeSincePriorHotkeyTimeSinceThisHotkeyTitleMatchModeTitleMatchModeSpeedTrayMenuUserNameWinDelayWinDirWorkingDirYearYYYY.ahk - %sRegClassCreateWindowConsolasHICON:"%s"notepad.exeCould not open script./include "%s" /restart /script "%s"Script file not found.%s
Source: AutoHotkeyUX.exe, 00000002.00000002.1671065802.00000000007F9000.00000004.00000010.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000003.00000002.2844314606.00000000007F8000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ProgmanA
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ahk_groupTarget window not found.PosTarget control not found.%uCountSelectedFocusedind+-^HwndShell_TrayWndRtlGetVersionntdll.dll%u.%u.%u%s: %s...%s[%Iu of %Iu]: %-1.60s%sMinHide<object>AltTabShiftAltTabAltTabMenuAltTabAndMenuAltTabMenuDismissAbsACosASinATanCaretGetPosCeilChrComCallComObjActiveComObjConnectComObjFlagsComObjFromPtrComObjGetComObjQueryComObjTypeComObjValueCosDllCallExpFileOpenFloorFormatFormatTimeGetMethodHasBaseHasMethodHasPropInStrIsAlnumIsAlphaIsDigitIsFloatIsIntegerIsLowerIsNumberIsObjectIsSetRefIsSpaceIsTimeIsUpperIsXDigitLnLogLTrimModNumGetNumPutObjAddRefObjBindMethodObjFromPtrObjFromPtrAddRefObjGetBaseObjGetCapacityObjHasOwnPropObjOwnPropCountObjOwnPropsObjPtrObjPtrAddRefObjReleaseObjSetBaseObjSetCapacityOrdRegCreateKeyRegDeleteRegDeleteKeyRegExMatchRegExReplaceRegReadRegWriteRoundRTrimRunWaitSinSoundGetInterfaceSoundGetMuteSoundGetNameSoundGetVolumeSoundSetMuteSoundSetVolumeSplitPathSqrtStrCompareStrGetStrLenStrLowerStrPtrStrPutStrReplaceStrTitleStrUpperSubStrTanTrimTypeVarSetStrCapacityVerCompareWinActiveWinExistAhkPathAhkVersionAllowMainWindowAppDataAppDataCommonClipboardComputerNameControlDelayCoordModeCaretCoordModeMenuCoordModeMouseCoordModePixelCoordModeToolTipCursorDDDDDDDDDDefaultMouseSpeedDesktopDesktopCommonEndCharEventInfoHotkeyIntervalHotkeyModifierTimeoutHourIconFileIconHiddenIconNumberIconTipIndexInitialWorkingDirIs64bitOSIsAdminIsCompiledIsCriticalIsPausedIsSuspendedKeyDelayKeyDelayPlayKeyDurationKeyDurationPlayLanguageLastErrorLineFileLineNumberLoopFieldLoopFileAttribLoopFileDirLoopFileExtLoopFileFullPathLoopFileNameLoopFilePathLoopFileShortNameLoopFileShortPathLoopFileSizeLoopFileSizeKBLoopFileSizeMBLoopFileTimeAccessedLoopFileTimeCreatedLoopFileTimeModifiedLoopReadLineLoopRegKeyLoopRegNameLoopRegTimeModifiedLoopRegTypeMaxHotkeysPerIntervalMDayMenuMaskKeyMMMonMouseDelayMouseDelayPlayMyDocumentsNowNowUTCOSVersionPriorHotkeyPriorKeyProgramFilesProgramsProgramsCommonPtrSizeRegViewScreenDPIScreenHeightScreenWidthScriptDirScriptFullPathScriptHwndScriptNameSecStartMenuStartMenuCommonStartupStartupCommonStoreCapsLockModeThisFuncThisHotkeyTickCountTimeIdleTimeIdleKeyboardTimeIdleMouseTimeIdlePhysicalTimeSincePriorHotkeyTimeSinceThisHotkeyTitleMatchModeTitleMatchModeSpeedTrayMenuUserNameWinDelayWinDirWorkingDirYearYYYY.ahk - %sRegClassCreateWindowConsolasHICON:"%s"notepad.exeCould not open script./include "%s" /restart /script "%s"Script file not found.%s
Source: AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: (Mmsctls_statusbar321No StatusBar.Press OK to continue.IsHungAppWindowahk_idpidProgram ManagerError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Queries volume information: C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Queries volume information: C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_0000000140035200 GetLocalTime,GetLocalTime,GetTimeFormatW,GetTimeFormatW,IsCharAlphaNumericW,IsCharAlphaNumericW,GetDateFormatW,GetDateFormatW,

2_2_0000000140035200

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_000000014003D3B0 GetComputerNameW,GetUserNameW,

2_2_000000014003D3B0

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Code function: 2_2_00000001400011A0 GetModuleHandleW,GetProcAddress,GetVersionExW,

2_2_00000001400011A0

Source: C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 2_2_0000000140045A80 UnhookWindowsHookEx,UnregisterHotKey,Shell_NotifyIconW,RemoveClipboardFormatListener,DestroyWindow,DeleteObject,DestroyIcon,DestroyIcon,RemoveMenu,DestroyMenu,DeleteObject,IsWindow,DestroyWindow,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,	2_2_0000000140045A80
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140066310 AddClipboardFormatListener,RemoveClipboardFormatListener,	3_2_0000000140066310
Source: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	Code function: 3_2_0000000140045A80 UnhookWindowsHookEx,UnregisterHotKey,Shell_NotifyIconW,RemoveClipboardFormatListener,DestroyWindow,DeleteObject,DestroyIcon,DestroyIcon,RemoveMenu,DestroyMenu,DeleteObject,IsWindow,DestroyWindow,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,	3_2_0000000140045A80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	21 Input Capture	11 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Screen Capture	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Windows Service	1 Valid Accounts	21 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	21 Input Capture	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Registry Run Keys / Startup Folder	11 Access Token Manipulation	1 Install Root Certificate	NTDS	26 System Information Discovery	Distributed Component Object Model	3 Clipboard Data	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Windows Service	1 Software Packing	LSA Secrets	23 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	2 Process Injection	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	3 Masquerading	DCSync	11 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Valid Accounts	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	2 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AutoHotkey_2.0.12_setup.exe	35%	ReversingLabs	Win32.Trojan.Generic
AutoHotkey_2.0.12_setup.exe	35%	Virustotal		Browse
AutoHotkey_2.0.12_setup.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	13%	ReversingLabs
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe	14%	Virustotal	Browse
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	0%	ReversingLabs
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe	0%	Virustotal	Browse
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	0%	ReversingLabs
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	0%	Virustotal	Browse
C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	13%	ReversingLabs
C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	14%	Virustotal	Browse
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	0%	ReversingLabs
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	0%	Virustotal	Browse
C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	11%	ReversingLabs
C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp	6%	Virustotal	Browse
C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	0%	ReversingLabs
C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp	0%	Virustotal	Browse

Source	Detection	Scanner	Label
https://autohotkey.comCould	0%	URL Reputation	safe
https://autohotkey.comx	0%	Avira URL Cloud	safe
https://autohotkey.com6122658-3693405117-2476756634-1002	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/	AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661601618.00000000032F8000.00000004.00000020.00020000.00000000.sdmp, HashFile.ahk0.1.dr, HashFile.ahk.1.dr	false		high
https://autohotkey.comx	AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1654219063.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675253556.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1669568690.0000000004C50000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1677686567.0000000004C50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.autohotkey.com/download/	install-version.ahk.1.dr, launcher.ahk.1.dr, launcher.ahk0.1.dr	false		high
https://www.autohotkey.com/docs/v2/	ui-dash.ahk0.1.dr	false		high
https://www.autohotkey.com/docs/v1/	AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000003.00000002.2844452266.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, ui-dash.ahk.1.dr, ui-dash.ahk0.1.dr	false		high
http://msdn.com/library/bb756929	AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662851164.0000000004C6F000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658658628.00000000032F2000.00000004.00000020.00020000.00000000.sdmp, install.ahk0.1.dr, install.ahk.1.dr	false		high
https://autohotkey.com	AutoHotkeyUX.exe, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, install.ahk0.1.dr, install.ahk.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr, AutoHotkey32.exe0.1.dr, AutoHotkey64_UIA.exe.1.dr, AutoHotkey32_UIA.exe.1.dr, AutoHotkey64.exe.1.dr	false		high
https://api.github.com/repos/	AutoHotkey_2.0.12_setup.exe, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1661477020.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, GetGitHubReleaseAssetURL.ahk.1.dr, GetGitHubReleaseAssetURL.ahk0.1.dr	false		high
https://autohotkey.com6122658-3693405117-2476756634-1002	AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1675115571.0000000000EBB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1674958594.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1676929026.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://autohotkey.comCould	AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000000.00000002.1650316409.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1657426465.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000008C6000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1667999256.0000000005ADE000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666681857.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1658294710.00000000032F0000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000002.1675919729.00000000004CE000.00000040.00000001.01000000.00000003.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656985053.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1662797233.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1666211341.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, AutoHotkey_2.0.12_setup.exe, 00000001.00000003.1656610056.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, AutoHotkeyUX.exe, 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, AutoHotkeyUX.exe, 00000003.00000000.1672423841.00000001400FB000.00000002.00000001.01000000.00000007.sdmp, RCXC9D2.tmp.1.dr, AutoHotkeyUX.exe.1.dr, AutoHotkey32.exe.1.dr, AutoHotkey64.exe0.1.dr, RCXC8B7.tmp.1.dr	false	URL Reputation: safe	unknown
https://www.autohotkey.com/docs/v2/misc/Editors.htm	AutoHotkeyUX.exe, 00000003.00000003.1673973935.0000000000170000.00000004.00000020.00020000.00000000.sdmp, ui-editor.ahk.1.dr, ui-editor.ahk0.1.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417389
Start date and time:	2024-03-29 07:48:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	AutoHotkey_2.0.12_setup.exe
Detection:	MAL
Classification:	mal76.evad.winEXE@6/78@0/0
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 65% Number of executed functions: 48 Number of non-executed functions: 203
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target AutoHotkey_2.0.12_setup.exe, PID 6576 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:49:14	API Interceptor	2x Sleep call for process: AutoHotkey_2.0.12_setup.exe modified
07:49:21	API Interceptor	2x Sleep call for process: AutoHotkeyUX.exe modified

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	2001344
Entropy (8bit):	7.995473310759226
Encrypted:	true
SSDEEP:	49152:8gtJD4GrdWKYzvZ51ixTVdyFEI6VHMiYB0MG:8gtGOyjuXHlhMiNZ
MD5:	E42714518B26BC65D26B813E182F90CD
SHA1:	1D739F1071E4A087234A8B73C32786BAECF815E5
SHA-256:	10FDFCE6830404381A0C9BE77F7C149760FD0ADE8DD65571FFFEB6C8C5008553
SHA-512:	195E4277E006DC326F0BDA15EEC2B190440D6937120DD1AAC99C80CCCF85ADC8A4F2C21381EB65D5EF24CC0C6C438973D9D30E6DA6EA22B7AFCC7E46002CB980
Malicious:	false
Reputation:	low
Preview:	ITSF....`.......&..........\|.{.......".....\|.{......."..`...............x.......T`.......`..............................ITSP....T...........................................j..].!......."..T...............PMGLQ................/..../#IDXHDR....O.../#ITBITS..../#STRINGS....y..../#SYSTEM....(./#TOPICS....O.../#URLSTR....3..F./#URLTBL...._.T./#WINDOWS....2.L./$FIftiMain....[..t./$OBJINST......?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property......./$WWKeywordLinks/..../$WWKeywordLinks/BTree....~..L./$WWKeywordLinks/Data....J.\|./$WWKeywordLinks/Map....F.2./$WWKeywordLinks/Property....x ./docs/..../docs/AHKL_DBGPClients.htm......../docs/ChangeLog.htm...]..../docs/Compat.htm....:.E./docs/Concepts.htm..)..;./docs/FAQ.htm....4..../docs/Functions.htm...n..F./docs/HotkeyFeatures.htm....K.L./docs/Hotkeys.htm......"./docs/Hotstrings.htm...N..6./docs/howto/..../docs/howto/Install.htm..../.A./docs/howto/ManageWindows.htm....&.v./docs/howto/RunExamples.htm....].e./docs/howto/RunPrograms.htm....

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	979968
Entropy (8bit):	6.478182737646768
Encrypted:	false
SSDEEP:	24576:UnbyRuLHeIj86TTuQbyB3+vETrGNW8NxqxYk:2yKgqEvGNW83qxY
MD5:	8BC086A1CE0B394DE31CD415A3CD0E87
SHA1:	620FBFC0FCE8067A9AF12C0E3267F8C17C658D6A
SHA-256:	05FCAF6F09B9FE4B85887F75183310D34166A0B854CA0907B497808BE7B8F87D
SHA-512:	0F989B2584FDBFDE2EA01DD0AC7FF7C51DA0063AB01C57053DDF15547BA7187F2795D5013BEFF558431FE0DB0A1A0AF991DBC4AF455CD86BA7D4676366104237
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13% Antivirus: Virustotal, Detection: 14%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=aS.S2S.S2S.S2..P3].S2F.V3..S2F.W3F.S2F.P3J.S2..W3H.S2..V3..S2..U3R.S2..R3r.S2S.R2..S2ekP3R.S2ekZ3..S2ek.2R.S2ekQ3R.S2RichS.S2........PE..L......e...............%.h..........9.............@..........................P................@.............................l...T.......................................8...........................0...@............................................text....f.......h.................. ..`.rdata..4............l..............@..@.data...4.... ...b..................@....rsrc................n..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1256448
Entropy (8bit):	6.40012168761782
Encrypted:	false
SSDEEP:	24576:Ve1psX+O47m4ffJhxZ4rBcRyMlc/SsVNGgMxCRjU:Vek+bi4ffJhxZ4axcbHGPWj
MD5:	825448610A8213A8408578DF2361D5EB
SHA1:	F43875855E4F02010AD6C755067B813D0FCBE68A
SHA-256:	37FF15A23A98F0A658298E21F1873CA896A05208810BF796F90CA212EE07C7B1
SHA-512:	7556143128878B2E765309DB8B35CC8206D325C0C17C37B191600BD8F719A923B0F917F4C53F0946ED2D12136A9E42774246595EED78F1038779FDCBD3736EEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...kl..kl..kl.. ...\|l..~...El..~...xl..~...bl.. ...rl.. ....l.. ...jl.. ...Jl..kl...m..].il..].)l..].j.jl..].jl..Richkl..........PE..d......e..........#....%.......................@.......................................... ...@.................................................T....@..............................@...8...............................@............................................text...v........................... ..`.rdata..............................@..@.data...............................@....pdata..............."..............@..@_RDATA..\....0......................@..@.rsrc........@......................@..@........................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	4.768048195759553
Encrypted:	false
SSDEEP:	3:mKDDFRKn9+/Vo5WbvHAtIv74o:hGBF+v74o
MD5:	4CFB569D3628B7E14E729DE9956CC24B
SHA1:	D3A21DC771779E1785CF67867C7BC98AD4A7F001
SHA-256:	DB2578B4EE5617F45ACFFB3AF21E1D3FC31CDCF035DD9227C8061A950AA015E7
SHA-512:	7191C30B530C18BC2B30D96BC4D19164195EB6EF581366D836AFF85A05C57EE94870092209BBE43DA888D9946B0BB764BA18BEFB92B7560B494555A6239198AF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@echo off..start "" "%~dp0AutoHotkey32.exe" "%~dp0UX\ui-setup.ahk"

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.865096009935425
Encrypted:	false
SSDEEP:	3:UZ3/M4yt79CgfyPa3AO2V5FTxyov:UZv5yuwyHbTxyov
MD5:	CDC8756680C459BD511D2BD2895FE2B2
SHA1:	A7EA57FD628CFE2F664F2647510C6A412C520DFB
SHA-256:	7F618D3CA343A0739A52A4A3C4F5B963ED98DC077B60C65FDC77D70FB0EC12D3
SHA-512:	101722EB5BBA352D557E7D70704E24A54A129276857E8CC13F40DA26DFA9267A67DE79E52A0F552FF676D1825D0FB2EB467837B397D2E6905FA90D6891BCCD45
Malicious:	false
Preview:	/..[NewScriptTemplate]..Description = Just #Requires v2.0../..#Requires AutoHotkey v2.0....

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8170
Entropy (8bit):	5.024273106737054
Encrypted:	false
SSDEEP:	192:/iD+QOFljN97L5joVGhwj6y2h2Vfb/xHFiyOdKZBlb0esEOSZ9o3Iu7:/m+QwhN97LFoVAwf2hEfdHFiyOqqeROf
MD5:	E2067D978526B83A1DA967F16A69C125
SHA1:	08000FB66E6F1B1FCD450F32E1757A39B3A7BA16
SHA-256:	040404A4DEF02F17CDAFDA938F5B63FC2181940BA1290DA5742DB0862C07166E
SHA-512:	A453669B15C18F24A989A57441F961861578C09C145A4364C982410E5E05AB09B05AD4A77929CCF4AB9E00E5E3D73029A13660156BF4EEF9011ACCFD59800EA0
Malicious:	false
Preview:	; ..; Window Spy for AHKv2..;....#Requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Ignore..SetWorkingDir A_ScriptDir..CoordMode "Pixel", "Screen"....Global oGui....WinSpyGui()....WinSpyGui() {.. Global oGui.. .. try TraySetIcon "inc\spy.ico".. DllCall("shell32\SetCurrentProcessExplicitAppUserModelID", "wstr", "AutoHotkey.WindowSpy").. .. oGui := Gui("AlwaysOnTop Resize MinSize +DPIScale","Window Spy for AHKv2").. oGui.OnEvent("Close",WinSpyClose).. oGui.OnEvent("Size",WinSpySize).. .. oGui.SetFont('s9', "Segoe UI").. .. oGui.Add("Text",,"Window Title, Class and Process:").. oGui.Add("Checkbox","yp xp+200 w120 Right vCtrl_FollowMouse","Follow Mouse").Value := 1.. oGui.Add("Edit","xm w320 r5 ReadOnly -Wrap vCtrl_Title").. oGui.Add("Text",,"Mouse Position:").. oGui.Add("Edit","w320 r4 ReadOnly vCtrl_MousePos").. oGui.Add("Text","w320 vCtrl_CtrlLabel",(txtFocusCtrl := "Focused Control") ":").. oGui.Add("Edit","w320 r4 ReadOnly v

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	352
Entropy (8bit):	4.914101368991569
Encrypted:	false
SSDEEP:	6:1FQp9ODHKATpQEJFn9p6gklJtW3gSsMNFi7N/WGBQqOOccE4gggDHpK/Lkvle:1wsKE54TvZX7N/tW/ODHGpSLk9e
MD5:	E8D9A7E78D6A2A40BFB532B4812BDE59
SHA1:	5674B63092A69C419A42BAB9E7462BDE3BDB3CAD
SHA-256:	A6C51E2188E31E3510577263D7B96DB147B0DF3DFA24C96DF8FDD9D73DA859EE
SHA-512:	DD7D78C7724DCA4684C732B0F3F8E73AF67610DE8945255B48B9301672AC0B4F405C802A8CD4C343D53266F492D2D0DCD2727B5EBDB9E90CFC9173876B9AB905
Malicious:	false
Preview:	..CommandLineToArgs(cmd) {.. argv := DllCall("shell32\CommandLineToArgvW", "wstr", cmd, 'int', &narg:=0, "ptr").. try {.. args := [].. Loop args.Capacity := narg.. args.Push(StrGet(NumGet(argv, (A_Index-1)A_PtrSize, "ptr"), "UTF-16")).. }.. finally.. DllCall("LocalFree", "ptr", argv).. return args..}..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1578
Entropy (8bit):	5.176343578065276
Encrypted:	false
SSDEEP:	24:+RemXj4qm4Z6CNeSSeqDe2eTA0EBuddsu9ruLc+cnwYit8BedM44we8wLdstjoj7:uDpn0sqCJFEBqbpjwYTMdGvutN1QmIj
MD5:	2FFBDE65B63790C5AA12996E9EF9068C
SHA1:	A793986E4E72D5B5A866E927855EACC3A0399A7A
SHA-256:	40A6F0CDA5FD1DFF324CAB288BB453AA60B41B09DACBFBC64F2D871423F33935
SHA-512:	315B2803C8E803B238E87DE63A5737350E41D248F67C54662341CA889C3BD5FC6FC2F516CA20F1FF4D74FCA4AF247B64EC7795D4C4E8990FFFCE49BBF037A906
Malicious:	false
Preview:	CreateAppShortcut(linkFile, p) {.. ;target, args, description, aumid, uninst?.. lnk := ComObject('{00021401-0000-0000-C000-000000000046}' ; CLSID_ShellLink.. ,'{000214F9-0000-0000-C000-000000000046}') ; IID_IShellLink.. .. ComCall(20, lnk, 'wstr', p.target).. ComCall(11, lnk, 'wstr', p.HasProp('args') ? p.args : "").. ComCall(7, lnk, 'wstr', p.desc).. if p.HasProp('icon').. ComCall(17, lnk, 'wstr', p.icon, 'int', p.HasProp('iconIndex') ? p.iconIndex : 0).. .. ; Set the System.AppUserModel.ID property via IPropertyStore.. props := ComObjQuery(lnk, '{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}').. static PKEY_AppUserModel_ID := PKEY('{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}', 5).. static PKEY_AppUserModel_UninstallCommand := PKEY('{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}', 37).. setProp PKEY_AppUserModel_ID, p.aumid.. if p.HasProp('uninst').. setProp PKEY_AppUserModel_UninstallCommand, p.uninst.. .. ; S

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10734
Entropy (8bit):	5.231689303124814
Encrypted:	false
SSDEEP:	192:RA1uaqk4Ka6BYzrxPrtRdSE6hyj4rGp+HCOvFrBScc8W4:+uaqkpaPh1sFBfcU
MD5:	65D05EC61CCA0547E218655E65E5EA7C
SHA1:	1CF93558BB9F1AE5A055B3F9085BF4166B7F43DD
SHA-256:	A9A824A763195E5810BF904854AF7ED41C025527B2B8FAA7532C6F24189D69B9
SHA-512:	65172FA0F9148106E44FDE99E0BCAD173C4EEF405A19B1F54961F2A248F6E6B0A05568D728E83D6582113D0D12A5E87CE763C53271C4D52B9362B19E22EA7D23
Malicious:	false
Preview:	EnableUIAccess(ExePath) {.. static CertName := "AutoHotkey".. hStore := DllCall("Crypt32\CertOpenStore", "ptr", 10 ; STORE_PROV_SYSTEM_W.. , "uint", 0, "ptr", 0, "uint", 0x20000 ; SYSTEM_STORE_LOCAL_MACHINE.. , "wstr", "Root", "ptr").. if !hStore.. throw OSError().. store := CertStore(hStore).. ; Find or create certificate for signing... cert := CertContext().. while (cert.ptr := DllCall("Crypt32\CertFindCertificateInStore", "ptr", hStore.. , "uint", 0x10001 ; X509_ASN_ENCODING\|PKCS_7_ASN_ENCODING.. , "uint", 0, "uint", 0x80007 ; FIND_SUBJECT_STR.. , "wstr", CertName, "ptr", cert.ptr, "ptr")).. && !(DllCall("Crypt32\CryptAcquireCertificatePrivateKey".. , "ptr", cert, "uint", 5 ; CRYPT_ACQUIRE_CACHE_FLAG\|CRYPT_ACQUIRE_COMPARE_KEY_FLAG.. , "ptr", 0, "ptr", 0, "uint", &keySpec:=0, "ptr", 0).. && (keySpec & 2)) { ; AT_SIGNATURE.. ; Keep looking for a certificate with

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	844
Entropy (8bit):	4.810009492650111
Encrypted:	false
SSDEEP:	24:ybRJL5QOLrG0ogFhcEfF6iiwADuzheOj9E:y1JNQOL60ogFrf4uDAwm
MD5:	1A8AB9BB38FD0DA51D03DC48E3A0B2EA
SHA1:	5C74DDD45C91A39B921139881C76C48C97E35825
SHA-256:	48A3F822A720B8E9B41165A1D19D56411D1F58036338EBD07AB40F2A14CF0F1B
SHA-512:	1B88603FB9EB28E717CB77623FF0159F5F45E677C34316DC0C5D5C2ED46C59F10D3AFB532B1F99920F91B8098E544873F944B1E0E575EFD694DD24BDCA22C14E
Malicious:	false
Preview:	GetGitHubReleaseAssetURL(repo, ext:='.zip', release:='latest') {.. req := ComObject('Msxml2.XMLHTTP').. req.open('GET', 'https://api.github.com/repos/' repo '/releases/' release, false).. req.send().. if req.status != 200.. throw Error(req.status ' - ' req.statusText, -1).. .. res := JSON_parse(req.responseText).. try.. assets := res.assets.. catch PropertyError.. throw Error(res.message, -1).. .. loop assets.length {.. asset := assets.%A_Index-1%.. if SubStr(asset.name, -StrLen(ext)) = ext {.. return asset.browser_download_url.. }.. }.. .. JSON_parse(str) {.. htmlfile := ComObject('htmlfile').. htmlfile.write('<meta http-equiv="X-UA-Compatible" content="IE=edge">').. return htmlfile.parentWindow.JSON.parse(str).. }..}

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2432
Entropy (8bit):	5.429608282178578
Encrypted:	false
SSDEEP:	48:RCQeNhzam2kwyXXmkDEaVlKjdkOBJlYg9A1kWVIDi:RCQeNhwkoAQ7Q18O
MD5:	727AE6F2EC77A5B56774DF9DA14636D2
SHA1:	8216A2122C825127CA59B05B0BAE0D57E92F1110
SHA-256:	84032ECAC8ED334CF8788A81BEA721B0AF5CD7CA7DCA57B60CDEC3556AE33914
SHA-512:	F1058216B5D1B8D590EB4CAFD5139F71F8DF5F96A3FCC314A7635CB1B99DE8623D87C57C567868EBDAFB09925B8D13FDADCEE49FA89F1A239725A92B948272CC
Malicious:	false
Preview:	; HashFile by Deo..; https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/..; Modified for AutoHotkey v2 by lexikos.....#Requires AutoHotkey v2.0-beta..../..HASH types:..1 - MD2..2 - MD5..3 - SHA..4 - SHA256..5 - SHA384..6 - SHA512../..HashFile(filePath, hashType:=2)..{...static PROV_RSA_AES := 24...static CRYPT_VERIFYCONTEXT := 0xF0000000...static BUFF_SIZE := 1024 * 1024 ; 1 MB...static HP_HASHVAL := 0x0002...static HP_HASHSIZE := 0x0004..... switch hashType {.. case 1: hash_alg := (CALG_MD2 := 32769).. case 2: hash_alg := (CALG_MD5 := 32771).. case 3: hash_alg := (CALG_SHA := 32772).. case 4: hash_alg := (CALG_SHA_256 := 32780).. case 5: hash_alg := (CALG_SHA_384 := 32781).. case 6: hash_alg := (CALG_SHA_512 := 32782).. default: throw ValueError('Invalid hashType', -1, hashType).. }......f := FileOpen(filePath, "r").. f.Pos := 0 ; Rewind in case of BOM... .. HCRYPTPROV() => {.. p

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.286514883049412
Encrypted:	false
SSDEEP:	3:BUQPXtHVbx+Lgz5JcLHQtEcFHk9g/PM/eEFBpcOvsRyhKQvArXGtFDAE/URqnn:B3HVbvXIwtPHrQrByOkAhKQvACthAhRe
MD5:	4B095AAE00456AA248024A184671E4D5
SHA1:	84AE516FBC62CE0AA10FFEACD7BA865A35A0A375
SHA-256:	D65C6E73417E6BBA7A619F2E68933B74E6AE6141277B65542AED9B6ACDFC83FF
SHA-512:	77AABE92719D8FC7A28C76F3B76FA2E42A188DB14F004262D8E913620AA990CDE29119B82D919511FC0D828CA0A108EA79858BA158B6A8ED6A260B72B4EE229D
Malicious:	false
Preview:	Scripts in this directory may be copied and used freely, but..may be removed or modified without notice by any future release...Do not #include them directly; instead, create a copy.

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.234753324124194
Encrypted:	false
SSDEEP:	12:9YEvTDHflQK7AqMVQ31Uk5q66BODjNAhQ3JA:+EvTjtzAqh6k5jrO
MD5:	9E53FCA8C7F6A9EE179F0FC0A7890EA3
SHA1:	DC2A1BF437EEA36B3F5BA9318F3B391B405D5CB2
SHA-256:	EA67340C555FDC1ABF8E324AC550AC37D2BA5F96A8EDEF120E72FB340F8F95C0
SHA-512:	CAD5C07F952FB93413B4A3990C522BA4B446AE41F11C8DD323BDCDE1B30FBFD76515606D5DC4BCB8768BD382CDB82553801539A192B002696D253341F3C0DBC5
Malicious:	false
Preview:	; For documentation about the parameters, refer to:..; https://learn.microsoft.com/en-us/windows/win32/shell/shell-shellexecute..ShellRun(filePath, arguments?, directory?, operation?, show?) {.. static VT_UI4 := 0x13, SWC_DESKTOP := ComValue(VT_UI4, 0x8).. ComObject("Shell.Application").Windows.Item(SWC_DESKTOP).Document.Application.. .ShellExecute(filePath, arguments?, directory?, operation?, show?)..}

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.4755179547678345
Encrypted:	false
SSDEEP:	3:a/GeA+gCFWVVIQGJXbtBXD7r9FV1oUqERA1MtAEKLENOn:a/5A+QVMJXBpXRFVOjERAGtUENOn
MD5:	165B8FC572F943E3665994F87F1772B7
SHA1:	265CA3D2A66A7E1807962EB7E8A444CEFB61BC0C
SHA-256:	9B75C7F804D1D55807459E6F06DB2BEE8E1FB60CE9C9340D44A7B491CE53B982
SHA-512:	E675453EEF9A10560CB9EA95E993D8068C8DFCA3664A140B6BA33361D0736632B8CE3A37770411583F558476173294BCC12B83BF33190D89EB009BFB9BB5F0AF
Malicious:	false
Preview:	; v1: includes the file from the script's directory...; v2: does nothing because the path is relative to this file...#include *i reload-v1.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	688
Entropy (8bit):	5.235085398227736
Encrypted:	false
SSDEEP:	12:/ESUoz6Ls/umIRuccWJZw/EWZ5h/ELcMWZOezx+3O/RYo3hj/ZA8Q/L59O/aBen:/Evo2L4QeWuZ/3jYo3/0Ln+Oe
MD5:	DAC79AD5A978F0497DE70A005B6A6084
SHA1:	DB100CE15998772FE322679468F46B0F25239EB4
SHA-256:	DBC1420C9368E954176CD1BC38C0BF5498D721CB7DEE50B5ABEF51611A33C658
SHA-512:	9F2A2C0E01724EF82860CFB97FBE6196D29B3B41080F04B3F51653F2F535849428B0A245BC954AA57569AA660D5A5A20D2D1E0DBB9081D718BF2DEDDB051F47C
Malicious:	false
Preview:	A_AllowMainWindow := true..if A_AhkPath != A_ScriptDir '\AutoHotkeyUX.exe' {.. ; Standalone, compiled or test mode: locate InstallDir via registry.. DirExist(ROOT_DIR := RegRead('HKCU\SOFTWARE\AutoHotkey', 'InstallDir', "")).. \|\| (ROOT_DIR := RegRead('HKLM\SOFTWARE\AutoHotkey', 'InstallDir', ""))..}..if (ROOT_DIR ?? "") = "" \|\| !DirExist(ROOT_DIR).. Loop Files A_ScriptDir '\..', 'D'.. ROOT_DIR := A_LoopFileFullPath....if !trace.Enabled := RegRead('HKCU\Software\AutoHotkey', 'Trace', false).. trace.DefineProp 'call', {call: () => ''}....#include config.ahk....trace(s) {.. try.. FileAppend s "`n", "".. catch.. OutputDebug s "`n"..}..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.26163110122379
Encrypted:	false
SSDEEP:	12:oqQS/VkUZQjNySLmIK5aymKYeJUmJbSQ4JDta1y:dNkVNy2K5eeJvJbv4JJcy
MD5:	248B58535F55EB55D9BAEC04A384B5E6
SHA1:	76D067318B67DA9A3DA71A232A887C8935C7068F
SHA-256:	4D1F241A0C973E30F1BF19E71CADB386B872A14BF0C29D32D4781A56CAFD998A
SHA-512:	0186EB49DA706C6CC6F48ECD94A4996C258ECEA10BED26B9C79BDDF0F7ECA32DF1449166309237859CA2508427BF79D447A2202EAEBA211228DA9822646CF23A
Malicious:	false
Preview:	..; CONFIG_FILE_PATH := A_MyDocuments "\AutoHotkey\AutoHotkey.ini"..CONFIG_KEY := 'HKCU\Software\AutoHotkey'....ConfigRead(section, key, default) {.. ; return IniRead(CONFIG_FILE_PATH, section, key, default).. return RegRead(CONFIG_KEY '\' section, key, default)..}....ConfigWrite(value, section, key) {.. ; IniWrite(value, CONFIG_FILE_PATH, section, key).. RegWrite(value, 'REG_SZ', CONFIG_KEY '\' section, key)..}..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.577078861855727
Encrypted:	false
SSDEEP:	24:R6bKtOSlRV2+O2WF3Q7DolfoV9OlCLUD47/HSoKVLbJlsLJc:obF42C9OlCoDz1lMc
MD5:	3E5C97E6C3A76686329C81FBA864B26B
SHA1:	EC111D01A5299DE2CA93C5441E92BB49D9D5E710
SHA-256:	F5B97911887C303B6859DE44EFF73780309E31E931DCBA86A66AAAFBE932AF72
SHA-512:	C70BA459ABB2C35EDFD62DFBE6EFB9C54D5341802A72AC7D6B3B63877F28A97A974B96B6DE747E29909550D6BA2C5D14DA40BEF6D91841C5C8C5A903697307C7
Malicious:	false
Preview:	#include identify_regex.ahk....IdentifyBySyntax(code) {.. static identify_regex := get_identify_regex().. p := 1, count_1 := count_2 := 0, version := marks := ''.. try while (p := RegExMatch(code, identify_regex, &m, p)) {.. p += m.Len().. if SubStr(m.mark,1,1) = 'v' {.. switch SubStr(m.mark,2,1) { .. case '1': count_1++.. case '2': count_2++.. }.. if !InStr(marks, m.mark).. marks .= m.mark ' '.. }.. }.. catch as e.. return {v: 0, r: "error", err: e, pos: p}.. if !(count_1 \|\| count_2).. return {v: 0, r: "no tell-tale matches"}.. ; Use a simple, cautious approach for now: select a version only if there were.. ; matches for exactly one version... if count_1 && count_2.. return {v: 0, r: Format(.. count_1 > count_2 ? "v1 {1}:{2} - {3}" : count_2 > count_1 ? "v2 {2}:{1} - {3}" : "? {1}:{2} - {3}",.. count_1, count_2, Trim(marks).

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with very long lines (3982), with CRLF line terminators
Category:	dropped
Size (bytes):	4018
Entropy (8bit):	5.309111673003908
Encrypted:	false
SSDEEP:	96:6Z2eX4Mjt29rVduPDOym1m35CA2OLiZk8+1bi039:6Rtjg9YOaLiZk8+R
MD5:	F27F09D324016BD49D2DA38901E79A61
SHA1:	F2AF4EA1CA36DC4ED53BA3A5817B83D457C9029C
SHA-256:	C2563AB626DF892398083404ACECC5229300BA7DC6077B120844C65FACFAD854
SHA-512:	1DD5A6DDF87A3026F5B2D468197173AF0C4E6C2EEAB64113BCD2BBD56BE46089E546F694FEA2416AADC9C2669070B29EF26EC689DFBE73DEF8AF6FD0DE310D04
Malicious:	false
Preview:	get_identify_regex() => '..(..(?(DEFINE)(?<line_comment>(?<![^ `t`r`n]);.)(?<block_comment>(?m:^[ `t]/\(?:.\R?)+?(?:[ `t]\/\|.\Z)))(?<eol>(?=[ `t]+(?&line_comment)?(?m:$)))(?<tosol>(?:(?&eol).\R\|(?&block_comment))++)(?<toeol>(?:[^ `t`r`n]++\|[ `t]+(?!(?&eol)))+)(?<contsec>[ `t]+$(?i:Join[^ `t`r`n]+\|(?&line_comment)\|[^ `t`r`n()]++\|[ `t]++)+\R(?:[ `t]+(?!$).\R)+[ `t]+\))(?<solcont>[ `t]+(?:,(?!::\| +& )\|[<>=/\|^,?:\.+\-&!~](?![^"'`r`n]?(?:".?::(?!.?")\|'.?::(?!.?')\|::))\|(?i:AND\|OR)(?=[ `t])))(?<eolcont>(?&eol)(?:(?<ec_bad>(?<=:=)\|(?<=[:,]))\|(?<=[<>=/\|^,?:\.+\-&!~](?<!\+\+\|--))\|(?<=(?<![\w[:^ascii:]\.])(?i:OR\|IS\|AS\|IN))\|(?<=(?<![\w[:^ascii:]\.])(?i:AND\|NOT))\|(?<=(?<![\w[:^ascii:]\.])(?i:CONTAINS)))(?&tosol)(?:(?&contsec)\|(?(ec_bad)\|(:v2-cle))))(?<v1_cont>(?&tosol)(?:(?&solcont)(?&subexp)\|[ `t]+,[ `t]+(?=%)(?&pct)\|(?&contsec)(?&ambig)))(?<v1_fin>(?:.+(?&v1_cont)).+)(?<ambig>(?:(?&exp)\|(?&v1_cont)\|.+)++(:~))(?<pct>(?=%[ `t])(?:(?&subexp)(?&exp)\|(?&v1_fin)(*:v1

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2613
Entropy (8bit):	4.984139073207136
Encrypted:	false
SSDEEP:	48:k8u94OWLJitj8Zk2L6eY4Y5u60P8w9XMwSv0s5P5UNctPyfFOi79C:k8u94OWLJgoeeY4R6m86GDRUNctP6wi4
MD5:	696750C1861231D07FF4548AD4360DC8
SHA1:	EB4B90B17AADF7B1CCDC484840B5500494C4A787
SHA-256:	F7D5AC8D1CFC77685CDCDBE89ABB8AC0A89F5B6EEC1AC1385069B72A05D05315
SHA-512:	5745B58987555C797F90EFD65BB9E02E3A9139B934E27B287816BE79A988F04EEF6DD8B8AF43C30F5F4BC5360CA7A3E42A21734915277CF3A18A91EA39AC3636
Malicious:	false
Preview:	..#include common.ahk....GetExeInfo(exe) {.. if !(verSize := DllCall("version\GetFileVersionInfoSize", "str", exe, "uint", 0, "uint")).. \|\| !DllCall("version\GetFileVersionInfo", "str", exe, "uint", 0, "uint", verSize, "ptr", verInfo := Buffer(verSize)).. throw OSError().. prop := {Path: exe}.. static Properties := {.. Version: 'FileVersion',.. Description: 'FileDescription',.. ProductName: 'ProductName'.. }.. for propName, infoName in Properties.OwnProps().. if DllCall("version\VerQueryValue", "ptr", verInfo, "str", "\StringFileInfo\040904b0\" infoName, "ptr", &p:=0, "uint*", &len:=0).. prop.%propName% := StrGet(p, len).. else throw OSError().. if InStr(exe, '_UIA').. prop.Description .= ' UIA'.. prop.Version := RegExReplace(prop.Version, 'i)[a-z]{2,}\K(?=\d)\|, ', '.') ; Hack-fix for erroneous version numbers (AutoHotkey_H v2.0-beta3-H...).. return prop..}....IsUsableAutoHotkey(exeinfo) {..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows icon resource - 4 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48 with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	dropped
Size (bytes):	4310
Entropy (8bit):	7.802879341444645
Encrypted:	false
SSDEEP:	96:E+lfU3JuOE/08BQLDmMZUMxsjnzEBgTOhmvS:xkLE/B2LuzEBga3
MD5:	EEECD8AF162D3F318496E0E60D6D8C57
SHA1:	31A99C80E4F1033914CE9344E95B84571F76AD2D
SHA-256:	968473DF8EAC7264D9E84E6AE91A4D706CDA9F89F345D182617B161EF4FE1A7B
SHA-512:	6F55968ADF7F2F02E128945016ED0C4D003C9640E4CBFC7B22B82374647E6EBDB07C02E99240DA369789F4107D2C130E54D4ACB1324455FD26668C4D1D009884
Malicious:	false
Preview:	...... .... .....F...00.... .........@@.... .W............. .....2....PNG........IHDR... ... .....szz.....tIME....... ?H.....tEXtSoftware.GLDPNG ver 3.4q.......tpNGGLD3....J.).....gAMA......a....DIDATx..WM(la.....d.....2.w..+..aa!.F.P3n\+.$......)).[).'Sj.....,hPd.\.[g.w~..{.^...\|..<.y.w..=gT...?.vv....R.......................177...C...cqq.CCC...V........\|.1.....\ ==.......Acc#L&....... k.p..n...R.WWW.b....SWW.^........N.....ALL.....g`llL....k...;33...GGG0..".s......-((......)...=...............=...2....g......."......\9....CUU.jkk.....&9.........,9...<5.6000 ...^................j5222......w9A......)--....xxxx.~ww...s.Z%noo.a....Gjj.h.D....aDEE.966.....Z.......4.&.ckkK...C,9.j4.....V.L...j...[.K..............z.;e..P.\#F....H.....BJJ....z.EEE.....\xww.;;;r.9....K2.z....2..S................c........"..f..X.$&$$...@.&''e.o@o........\jp....`...f!..Y..pYYY27;;....c.eff....gP..A'...'.**....mmm......f.....'s..\j.\..~j)=}}}...Cj...........#.._..fZ.6.>..{\|\|.

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5004
Entropy (8bit):	4.913133828159579
Encrypted:	false
SSDEEP:	96:ctpyLQ5w84XwtzeZIPHGI4tLSSZMUR6l5w8OtXQyceRX35FZsFFNA3me:cDi9wJeKPHGI4J9SUtruNw35FZs1mD
MD5:	F4251E653DBBBDD8CF4640BD9855C207
SHA1:	D08B6E5796150AA1436FD3DA39BFC5FDBAAEE297
SHA-256:	DEFFD87D99FF125ECCAC2331A8BA4E3A0044E150E80316E9469DD57F322BEDA1
SHA-512:	86896CCB0ACBD27EEEFE6E02747958CAFCCA31541638435DFE9F08D89B763144F6B5FB521DF11DCE4C3F46B186DE4905F56EBCC7C57D4C29EF2A0731A6492698
Malicious:	false
Preview:	class AutoHotkeyUxGui extends Gui {.. __new(title, opt:='') {.. super.__new(opt, title, this).. this.SetFont('s9', "Segoe UI").. this.OnEvent('Escape', 'Destroy').. this.OnEvent('Close', 'Destroy').. }.. .. AddListMenu(options:='', columns:=unset) {.. IsSet(columns) \|\| columns := [].. c := this.AddListView(UxListMenu.DefaultOptions ' ' options, columns).. if !InStr(options, 'Theme').. DllCall("uxtheme\SetWindowTheme", "ptr", c.hwnd, "wstr", "Explorer", "ptr", 0).. static LVTVIM_TILESIZE := 1, LVTVIM_COLUMNS := 2, LVTVIM_LABELMARGIN := 4.. static LVTVIF_AUTOSIZE := 0, LVTVIF_EXTENDED := 4, LVTVIF_FIXEDHEIGHT := 2.. , LVTVIF_FIXEDSIZE := 3, LVTVIF_FIXEDWIDTH := 1.. static LVM_SETTILEVIEWINFO := 0x10A2.. tileviewinfo := Buffer(40, 0).. ControlGetPos(,, &w,, c).. pad := 2 * A_ScreenDPI // 96.. NumPut(.. 'uint', 40, ; cbSize.. 'uint', LVTV

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1697
Entropy (8bit):	4.988385975818948
Encrypted:	false
SSDEEP:	48:R+KUvhhYz6gXd/1BvbGpk0b/oC+Putym6P:QKUvh6fFkk0rsP4kP
MD5:	C90BED0679B789B74E4865AE6F2709A3
SHA1:	B0DBEE6A237BA93DAEC76A0553CD3254821D60A1
SHA-256:	C242EBB51241ACAB13152D95CDB05BE5382FFB97F3DCA2DA3A4E5A084C2E3FF4
SHA-512:	F8DFE5C558B427E05905B2A3D8A09632347EDF945D47ED4FC82EC38A9045F5837A798EF669F0FDAE6504D9EEE6762C49C8E6C32ADAC0F6A3E6C2EED6D48E64B2
Malicious:	false
Preview:	; Run this script to launch or download and install Ahk2Exe into A_ScriptDir '\..\Compiler'...#requires AutoHotkey v2.0....#include install.ahk..#include inc\GetGitHubReleaseAssetURL.ahk....#SingleInstance Force..InstallAhk2Exe....InstallAhk2Exe() {.. inst := Installation().. inst.ResolveInstallDir() ; This sets inst.InstallDir and inst.UserInstall.. .. finalPath := inst.InstallDir '\Compiler\Ahk2Exe.exe'.. if FileExist(finalPath) {.. ShellRun finalPath.. ExitApp.. }.. .. if !A_Args.Length {.. (inst.UserInstall) \|\| SetTimer(() => (.. WinExist('ahk_class #32770 ahk_pid ' ProcessExist()) &&.. SendMessage(0x160C,, true, 'Button1') ; BCM_SETSHIELD := 0x160C.. ), -25).. if MsgBox("Ahk2Exe is not installed, but we can download and install it for you.", "AutoHotkey", 'OkCancel') = 'Cancel'.. ExitApp.. if !A_IsAdmin && !inst.UserInstall {.. Run Format('*RunAs "{1}" /restart /script "{

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4162
Entropy (8bit):	4.805177330644294
Encrypted:	false
SSDEEP:	96:m4C3dyA4vkDU1tYur5Ql5rk08NpJ31rsDoY0Jk0AVIn:Q3dyA4L/fdQl5w08LrsMHJk02G
MD5:	30B87FBFADC592C38BE9D82EDF597FA3
SHA1:	1FF5D720858A38BDD2E21A5A492938C07B2811A5
SHA-256:	1E59921BCDDB3C41651EB01605CDEFCDEE3C6ADEC5DB6B7CAFB7AB801EAD5E1E
SHA-512:	79A407CAD251F45D13C0505CDF7E27A281455E3EEFE1F7FC5AEDD658297351AC7DBBCE21065A29ED9D86C6B908A175CD83201E0D60E972865E6258C2F8C145A7
Malicious:	false
Preview:	; Run this script to download and install an additional AutoHotkey version...; Specify the version as a single command line parameter. If omitted or..; incomplete like "1.1" or "2.0", the latest version will be downloaded...#requires AutoHotkey v2.0....#include install.ahk....A_ScriptName := "AutoHotkey"....InstallAutoHotkey A_Args.Length ? A_Args[1] : '1.1'....InstallAutoHotkey(version) {.. abort(message, extra?) {.. if IsSet(extra).. message .= "`n`nSpecifically: " SubStr(extra, 1, 100).. MsgBox message,, "Iconx".. ExitApp.. }.. .. ; Determine base version, for download directory.. baseVersion := RegExReplace(version, '^\d+(?:\.\d+)?\b\K.*').. if IsInteger(baseVersion).. baseVersion .= baseVersion = '1' ? '.1' : '.0'.. else if !IsNumber(baseVersion).. abort "Invalid version.", version.... ; If version number is not exact, try to determine the latest compatible version.. if IsNumber(version) {.. url := Fo

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	39948
Entropy (8bit):	4.584438080699804
Encrypted:	false
SSDEEP:	768:Mehhuh3o8p7Nl/EjTADVwFvgxatHkMrvDN3v:J837ppleA/atEUvJf
MD5:	817E7747DCFF942D2F1E65CEC536CBF5
SHA1:	1D1C54D79138B0266D349518FA15B9BEB323621B
SHA-256:	25E530F9CADF91F63EEB04C99993355BBF79074A7559DCE817A515E177F32328
SHA-512:	A77BE0D30E848D5364A7DDCBCFF563649C06FAC546C27471A0FA35BF60286F2D3520033DF87E97F6D4EFD2090E84DED0FC0CA0AA1A87CB41D7F361AD833C406E
Malicious:	false
Preview:	; This script contains AutoHotkey (un)installation routines...; See the AutoHotkey v2 documentation for usage...#include inc\bounce-v1.ahk../* v1 stops here /..#requires AutoHotkey v2.0....#SingleInstance Off ; Needed for elevation with runas.....#include inc\launcher-common.ahk..#include inc\HashFile.ahk..#include inc\CreateAppShortcut.ahk..#include inc\EnableUIAccess.ahk..#include inc\ShellRun.ahk....if A_LineFile = A_ScriptFullPath.. Install_Main....Install_Main() {.. try {.. Installation.Instance := inst := Installation().. method := 'InstallFull'.. params := [].. while A_Index <= A_Args.Length {.. switch A_Args[A_Index], 'off' {.. case '/install':.. method := 'InstallExtraVersion'.. inst.SourceDir := A_Args[++A_Index].. case '/uninstall':.. method := 'Uninstall'.. if A_Index < A_Args.Length && SubStr(A_Args[A_Index+1],1,1) != '/'.. par

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18109
Entropy (8bit):	4.894561088112024
Encrypted:	false
SSDEEP:	192:HBHZGn4adB4K2maaPGBSE72hxuWYDlmxrCOKen2RXXtiqOeGKlLFemIpyeOYMYyT:hH2B/uWSKXn2NCQE0X40GG7QE
MD5:	596B69069BBBCC9A22AC26BBA6EFE546
SHA1:	694CEC54200FF1EC70DC56320C577B652884B53D
SHA-256:	830DB4BE4C8320F23FF32316DAC933D4E72D9056EA5A819CC12C38614DA6E06F
SHA-512:	1C18ACF4403915C6A2562F5E26C0ED7C4FC00E9D67D19622D1DB8BB9338FF6D6E8BF9ABE7317F1B529EF1C24901B45C3B13DC3B734D97582C91B206BEE9AA8F8
Malicious:	false
Preview:	; This script is intended for indirect use via commands registered by install.ahk...; It can also be compiled as a replacement for AutoHotkey.exe, so tools which run..; scripts by executing AutoHotkey.exe can benefit from automatic version selection...#requires AutoHotkey v2.0....;@Ahk2Exe-SetDescription AutoHotkey Launcher..#SingleInstance Off..#NoTrayIcon....#include inc\identify.ahk..#include inc\launcher-common.ahk..#include inc\ui-base.ahk....if A_ScriptFullPath == A_LineFile \|\| A_LineFile == '*#1' {.. SetWorkingDir A_InitialWorkingDir.. Main..}....Main() {.. switches := [].. while A_Args.length {.. arg := A_Args.RemoveAt(1).. if SubStr(arg,1,1) != '/' {.. ScriptPath := arg.. break.. }.. nextArgValue() {.. if !A_Args.Length {.. MsgBox "Invalid command line switches; missing value for " arg ".", "AutoHotkey Launcher", "icon!".. ExitApp 1.. }.. return A_Args.R

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	556
Entropy (8bit):	4.997919572416062
Encrypted:	false
SSDEEP:	12:SsFVctCPDVDHn3f8q9mCC41dDVxqy40nyZ3AxL24SHD/TW+37rz3kVP:SyctQVNxZx20c382FHz3kVP
MD5:	35F4753A58432446B99BF89A9E930BF5
SHA1:	BABC3341D9D95865A36EA9A20549A61146093006
SHA-256:	E4659306A755B583E9CEF5FDBA3B3EB102D8939FB028AFD91AAD4496E758FAD5
SHA-512:	AC3483A17EAD5173CE40A6AF55C3C2361652FEFD94C0BD82E004DF8186FFC31EAB194534A25FE995D677F2F71363095D177C01AFB6AE50F2B63BA156855EF5E5
Malicious:	false
Preview:	; This file is part of a trick for allowing a v2 script to relaunch itself with..; v2 when the user attempts to execute it with v1. See inc\bounce-v1.ahk.....#NoTrayIcon....if (A_ScriptFullPath = A_LineFile)..{.. MsgBox 16,, This script is not meant to be executed... ExitApp 2..}....if (!A_Args.Length())..{.. Loop Files, %A_ScriptDir%\..\AutoHotkey32.exe, FR.. {.. Run "%A_LoopFileLongPath%" /force "%A_ScriptFullPath%".. ExitApp.. }..}....MsgBox 16,, This script requires AutoHotkey v2, but was launched with v1...ExitApp 2

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2180
Entropy (8bit):	5.132520164605258
Encrypted:	false
SSDEEP:	48:SiAhFZOZAn5ABXEXEQX+gd4fEi1HIEL+xuFSXjwWURpwSgBTn:kZFjugWfEi1HEx+nnRFUj
MD5:	0299132478B49E3EB706C214BF32E62F
SHA1:	9705C410B9F515269C512C64129CED8E0B1B23D2
SHA-256:	D26CAEF44190E0B612C3E4309FF6689DC2953C72CB3DE1C94D002250B089F16B
SHA-512:	2A9CE8EE71AB207DBF4C4FCC2634D49233304DA858C7880813A2127C2A063DC58703D4B2129498DB630D081E1D72F899D348C01DBBCC359D92AB720B89CCDC44
Malicious:	false
Preview:	; This script clears any file type assocation made via the "open with" dialog,..; so that the standard registration under HKCR\.ahk can take effect...#include inc\bounce-v1.ahk../* v1 stops here */..#requires AutoHotkey v2.0....keyname := "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ahk\UserChoice"..initial_progid := RegRead(keyname, "ProgId", "")..legacy_key := "HKCU\Software\Classes\.ahk"..legacy_assoc := RegRead(legacy_key,, "AutoHotkeyScript")..if A_Args.Length && A_Args[1] = '/check' {.. if (initial_progid = "" \|\| initial_progid = "AutoHotkeyScript") && legacy_assoc = "AutoHotkeyScript".. \|\| MsgBox("It looks like you've used an unsupported method to set the default program for .ahk files. ".. . "This will prevent the standard context menu and launcher (version auto-detect) functionality ".. . "from working. Would you like this setting to be reset for you?", "AutoHotkey", "Icon! y/n") != "yes".. ExitApp..}..r

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	6968
Entropy (8bit):	4.859435822860328
Encrypted:	false
SSDEEP:	96:sHqX7z3hetnbfigrsSUfQDEF2mgPp3eDThh6PTw5/cjG7:Aqr9eBb5rsCs2mgxOyPTw5/17
MD5:	669BD791C5AAFB60EE0885EF064D3622
SHA1:	ACEFB3C3997E2EADD32413814E71AAAAD5A8B6D4
SHA-256:	E8C0B4E149AD58C57E77AAC12041F1FA8BC9F25C6D642D12837EFC5FD97B8D21
SHA-512:	EB0345B3562523C58894752276938C7E5EE63B7C3A660317C9A4C1A93B6E530B12015DD380A8A230324B94A9F042380C1A1D24B49D21C3805A4711CB185A33DB
Malicious:	false
Preview:	; Dash: AutoHotkey's "main menu"...; Run the script to show the GUI...#include inc\bounce-v1.ahk../* v1 stops here /..#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Force....#include inc\ui-base.ahk..#include ui-launcherconfig.ahk..#include ui-editor.ahk..#include ui-newscript.ahk....DashRegKey := 'HKCU\Software\AutoHotkey\Dash'....class AutoHotkeyDashGui extends AutoHotkeyUxGui {.. __new() {.. super.__new("AutoHotkey Dash").. .. lv := this.AddListMenu('vLV LV0x40 w250', ["Name", "Desc"]).. lv.OnEvent("Click", "ItemClicked").. lv.OnEvent("ItemFocus", "ItemFocused").. lv.OnNotify(-155, "KeyPressed").. .. this.AddButton("xp yp wp yp Hidden Default").OnEvent("Click", "EnterPressed").. .. il := IL_Create(,, true).. lv.SetImageList(il, 0).. il2 := IL_Create(,, false).. lv.SetImageList(il2, 1).. addIcon(p) =>(IL_Add(il, p), IL_Add(il2, p)).. .. lv.Add("Icon" addIc

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8585
Entropy (8bit):	4.875277208906012
Encrypted:	false
SSDEEP:	192:th4hvlbHoc4v3g/ucyCs5fyrpsp/vm1kEoQH1lY0qibz:th4h+cyCifyrp85QVldz
MD5:	82EB574294FF4E2E7461B95F5BAD0A87
SHA1:	A981373EF3BD61CE5A2F0AD9BEDAA1CF4ACFD591
SHA-256:	7263286EB3A42ECCF5EDC39B43C74A8BF7C82F2671204D1AE654236C1DE3F05D
SHA-512:	1C54E110B384D55CA0243AD343E69D1F0FA9B2A863AF8DA75A5C992D19F9E055182BBA09BE227882F82D0EBF4EC94094723E2DB06CDF7EE2ED574348A8D72C74
Malicious:	false
Preview:	; This script shows a GUI for setting the default .ahk editor...#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Off....#include launcher.ahk..#include inc\CommandLineToArgs.ahk....class EditorSelectionGui extends AutoHotkeyUxGui {.. __new(cmdLine) {.. super.__new("Select an editor").. .. lv := this.AddListMenu('vEds LV0x40 w300', ["Editor"]).. this.IconList := il := IL_Create(,, true).. lv.SetImageList(il, 0).. for app in this.Apps := GetEditorApps() {.. try.. icon := IL_Add(il, app.exe).. catch.. icon := -1.. lv.Add('Icon' icon, app.name).. }.. this.SelectEditorByCmd(cmdLine).. lv.AutoSize(8).. lv.GetPos(&x, &y, &w, &h).. x += w.. y += h.. .. this.AddText('xm w' w ' y' y, "Command line").. this.AddEdit('xm wp r2 -WantReturn vCmd', cmdLine).OnEvent('Change', 'CmdChanged').. .. this.AddText('xm

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8289
Entropy (8bit):	5.012543704125114
Encrypted:	false
SSDEEP:	192:18ZheYP0oxU2r23K7D+lTt3cs8FN7bDanWPKtscP/81Tn/dUT0:1fYs125DIB3csspb2qcx/81TnlUT0
MD5:	852BF007A6DDD80A2E5C9D82D874CF45
SHA1:	6F293EC5B59645F795E4FEB3F02C026B62ED428E
SHA-256:	C91E18A25069E7B501D2D0E1C8FC23B78CB962D93469CD0B2EA7E24CDF181DC1
SHA-512:	95F2E6BBEB9138125AB337D6BA047B824FFA527A5F2403C12BBC4EE4A4E73B516D963E09C81D453BCAFB01BD396D991DA8D36D8A91707E557ECC61C1BA9EA91D
Malicious:	false
Preview:	; This script shows a GUI for configuring the launcher...#requires AutoHotkey v2.0....#NoTrayIcon....#include inc\launcher-common.ahk..#include inc\ui-base.ahk....GetVersions() {.. vmap := Map(1, Map(), 2, Map()).. for ,f in GetUsableAutoHotkeyExes() {.. try.. vmap[GetMajor(f.Version)][f.Version] := true.. catch as e.. trace "-[Launcher] " type(e) " checking file " A_LoopFileName ": " e.message.. }.. vmap[1] := [vmap[1]].. vmap[2] := [vmap[2]].. return vmap..}....class LauncherConfigGui extends AutoHotkeyUxGui {.. __new() {.. super.__new("AutoHotkey Launch Config").. .. cmd := RegRead('HKCR\AutoHotkeyScript\shell\open\command',, '').. usingLauncher := InStr(cmd, 'UX\launcher.ahk') != 0.. currentExe := !usingLauncher && RegExMatch(cmd, '^"(.*?)"(?= )', &m) ? m.1 : "".. try.. if currentExe && GetExeInfo(currentExe).Description = "AutoHotkey Launcher" ; Support compiled launcher

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10365
Entropy (8bit):	4.864764389032537
Encrypted:	false
SSDEEP:	192:WWsmA5tqnaPKHGs8SCVV7f5JfzH+zoe04+v1AlLUzhAGnk0Vps61CRjqsz:WW6TAF8SCVRf+W9AyzhAGO08
MD5:	1B88198B4BD36EB25E23DC412321A555
SHA1:	D3B5670D1BC7343AE40AD087BC22309DC17E118A
SHA-256:	31249EF15CCE83D150A9A5DE11168A5052FF2C55DBD574B8DF1C054510B61843
SHA-512:	409FB90D7EA768C9D9A2574C09B8A69C93E8AFD76234C24E3E0F71AA3F564A4F1AA46FF18EA328B1AFCCAB54604BB239D37249D5811E3A84F0AB692B032A732B
Malicious:	false
Preview:	#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Off....#include inc\common.ahk..#include inc\ui-base.ahk....class NewScriptGui extends AutoHotkeyUxGui {.. __new(path:="") {.. super.__new("New Script").. .. SplitPath path,, &dir,, &name.. if this.ExplorerHwnd := WinActive("ahk_class CabinetWClass") {.. this.Opt '+Owner' this.ExplorerHwnd.. if dir = "".. dir := GetPathForExplorerWindow(this.ExplorerHwnd).. }.. if dir = "".. dir := ConfigRead('New', 'DefaultDir', A_MyDocuments "\AutoHotkey").. .. name := this.AddEdit('vName w272', name != "New AutoHotkey Script" ? name : "").. static EM_SETCUEBANNER := 0x1501.. SendMessage(EM_SETCUEBANNER, true, StrPtr("Untitled"), name).. .. static IconSize := SysGet(49) ; SM_CXSMICON.. .. static BrowseIcon := LoadPicture("imageres.dll", 'Icon-1025 w' IconSize, &imgtype).. this.AddIconButton

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7325
Entropy (8bit):	4.877995973608334
Encrypted:	false
SSDEEP:	192:SdHQj/CKeF1DXPTYjTBS7EmK3QyOcjRn5WYHu4pCW7rvQ:SejoFpPTYjTB6EmQOcjRTHpC/
MD5:	DD3F9C2F9115689F4350896752F15926
SHA1:	FA19F1632B865B2BC098611A8BE66E9F10DC692B
SHA-256:	68B114A2EA4AF9DF54709A78EC5991A1F271097B29CB93757403FDB158746BC7
SHA-512:	12F34D5EC7A7D5452EEF97E4C87093240050756C564140874D316D0B9D194C961DEBE139BADC943B024B680B68961EF6CBE71FC1A567C6622797F90ED51FA549
Malicious:	false
Preview:	; This script shows the initial setup GUI...; It is not intended for use after installation...#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Force....#include inc\ui-base.ahk....A_ScriptName := "AutoHotkey Setup"..SetRegView 64..InstallGui.Show()....class InstallGui extends AutoHotkeyUxGui {.. __new() {.. super.__new(A_ScriptName, '-MinimizeBox -MaximizeBox').. .. DllCall('uxtheme\SetWindowThemeAttribute', 'ptr', this.hwnd, 'int', 1 ; WTA_NONCLIENT.. , 'int64*', 3 \| (3<<32), 'int', 8) ; WTNCA_NODRAWCAPTION=1, WTNCA_NODRAWICON=2.. .. static TitleBack := 'BackgroundWhite'.. static TitleFore := 'c3F627F'.. static TotalWidth := 350.. this.AddText('x0 y0 w' TotalWidth ' h84 ' TitleBack).. this.AddPicture('x32 y16 w32 h32 ' TitleBack, A_AhkPath).. this.SetFont('s12', 'Segoe UI').. this.AddText('x+20 yp+4 ' TitleFore ' ' TitleBack, "AutoHotkey v" A_AhkVersion).. this.SetFont('s9')..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2311
Entropy (8bit):	4.84199510475754
Encrypted:	false
SSDEEP:	48:SThy/+G2L1JubYQIBCbBaBX6XNoqb0BiWdM+T:V+G2ybdIBCdmX6doqbfWW+T
MD5:	0FE4932669E99A498A7BC76975919000
SHA1:	E0D6A7B484D3A6C0D7427F611C575F93E4F87BA4
SHA-256:	1E09FC4AF5DC3E673D4FACFE4FA849C6BDD0B29C67B0EFD7F96AAF387FCEF698
SHA-512:	DD3B99739106953608AC2EB2ECC4E3D316B5122B1B305BD7CFAB82FCC7EC0D92B5944F4724D37CBC01CA5C6B5381B57FAD9256586B5DFD0026453F9C11A32394
Malicious:	false
Preview:	; This script shows a GUI for uninstalling AutoHotkey or specific versions...#include inc\bounce-v1.ahk../* v1 stops here */..#requires AutoHotkey v2.0....#include inc\ui-base.ahk..#include install.ahk....#NoTrayIcon..#SingleInstance Force....A_ScriptName := "AutoHotkey Setup"..SetRegView 64..ModifySetupGui.Show()....class ModifySetupGui extends AutoHotkeyUxGui {.. __new() {.. super.__new(A_ScriptName, '-MinimizeBox -MaximizeBox').. .. this.inst := Installation().. this.inst.ResolveInstallDir().. versions := this.inst.GetComponents().... this.AddText(, "Remove which versions?").. iv := this.AddListView('vComponents Checked -Hdr R10 w248', ["Version"]).. iv.OnEvent('ItemCheck', 'Checked').. for v, files in versions.. iv.Add(files.HasProp('superseded') ? 'Check' : '', v).. .. anyChecked := iv.GetNext(0, 'C').. this.AddButton('vRemoveAll w120 ' (anyChecked ? '' : 'Default'), "Remove &all")..

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	5.0148340407771865
Encrypted:	false
SSDEEP:	3:FU72V5FTx+oeQWaKO:FUmbTx+VQWaKO
MD5:	1B081984B7C90528E03E67096F001E5F
SHA1:	A2385C9CDEC13094E12DA3CADC780BFCD7EC9875
SHA-256:	83E60BA7D330D4FAA32576C0AB223A2440EF92972D3D32DEE46D117E8A446CE9
SHA-512:	3A44A3CCBC86B9044670A72AE770E475C5469CABC54F1E8A76208E290BAB2FC96155B671BB52DCA3E2D834B2D6036CAB28C9F96D4C59EBDB3E98869C137FFAC5
Malicious:	false
Preview:	#Requires AutoHotkey v2.0-beta..#Include UX\WindowSpy.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18120
Entropy (8bit):	4.833349138619991
Encrypted:	false
SSDEEP:	384:gq2PmwE3b6k/iAVX/dUY2ZpEGMOZ77oPyBrsS/S9B:gzuh1iYWrTXoPAs9B
MD5:	E3F2AD7733F3166FE770E4DC00AF6C45
SHA1:	3D436FFDD69F7187B85E0CF8F075BD6154123623
SHA-256:	B27C1A7C92686E47F8740850AD24877A50BE23FD3DBD44EDEE50AC1223135E38
SHA-512:	ED97318D7C5BEB425CB70B3557A16729B316180492F6F2177B68F512BA029D5C762AD1085DD56FABE022B5008F33E9BA564D72F8381D05B2E7F0FA5EC1AECDF3
Malicious:	false
Preview:	GNU GENERAL PUBLIC LICENSE.. Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free so

C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1256448
Entropy (8bit):	6.40012168761782
Encrypted:	false
SSDEEP:	24576:Ve1psX+O47m4ffJhxZ4rBcRyMlc/SsVNGgMxCRjU:Vek+bi4ffJhxZ4axcbHGPWj
MD5:	825448610A8213A8408578DF2361D5EB
SHA1:	F43875855E4F02010AD6C755067B813D0FCBE68A
SHA-256:	37FF15A23A98F0A658298E21F1873CA896A05208810BF796F90CA212EE07C7B1
SHA-512:	7556143128878B2E765309DB8B35CC8206D325C0C17C37B191600BD8F719A923B0F917F4C53F0946ED2D12136A9E42774246595EED78F1038779FDCBD3736EEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...kl..kl..kl.. ...\|l..~...El..~...xl..~...bl.. ...rl.. ....l.. ...jl.. ...Jl..kl...m..].il..].)l..].j.jl..].jl..Richkl..........PE..d......e..........#....%.......................@.......................................... ...@.................................................T....@..............................@...8...............................@............................................text...v........................... ..`.rdata..............................@..@.data...............................@....pdata..............."..............@..@_RDATA..\....0......................@..@.rsrc........@......................@..@........................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.865096009935425
Encrypted:	false
SSDEEP:	3:UZ3/M4yt79CgfyPa3AO2V5FTxyov:UZv5yuwyHbTxyov
MD5:	CDC8756680C459BD511D2BD2895FE2B2
SHA1:	A7EA57FD628CFE2F664F2647510C6A412C520DFB
SHA-256:	7F618D3CA343A0739A52A4A3C4F5B963ED98DC077B60C65FDC77D70FB0EC12D3
SHA-512:	101722EB5BBA352D557E7D70704E24A54A129276857E8CC13F40DA26DFA9267A67DE79E52A0F552FF676D1825D0FB2EB467837B397D2E6905FA90D6891BCCD45
Malicious:	true
Preview:	/..[NewScriptTemplate]..Description = Just #Requires v2.0../..#Requires AutoHotkey v2.0....

C:\Program Files\AutoHotkey\UX\WindowSpy.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8170
Entropy (8bit):	5.024273106737054
Encrypted:	false
SSDEEP:	192:/iD+QOFljN97L5joVGhwj6y2h2Vfb/xHFiyOdKZBlb0esEOSZ9o3Iu7:/m+QwhN97LFoVAwf2hEfdHFiyOqqeROf
MD5:	E2067D978526B83A1DA967F16A69C125
SHA1:	08000FB66E6F1B1FCD450F32E1757A39B3A7BA16
SHA-256:	040404A4DEF02F17CDAFDA938F5B63FC2181940BA1290DA5742DB0862C07166E
SHA-512:	A453669B15C18F24A989A57441F961861578C09C145A4364C982410E5E05AB09B05AD4A77929CCF4AB9E00E5E3D73029A13660156BF4EEF9011ACCFD59800EA0
Malicious:	true
Preview:	; ..; Window Spy for AHKv2..;....#Requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Ignore..SetWorkingDir A_ScriptDir..CoordMode "Pixel", "Screen"....Global oGui....WinSpyGui()....WinSpyGui() {.. Global oGui.. .. try TraySetIcon "inc\spy.ico".. DllCall("shell32\SetCurrentProcessExplicitAppUserModelID", "wstr", "AutoHotkey.WindowSpy").. .. oGui := Gui("AlwaysOnTop Resize MinSize +DPIScale","Window Spy for AHKv2").. oGui.OnEvent("Close",WinSpyClose).. oGui.OnEvent("Size",WinSpySize).. .. oGui.SetFont('s9', "Segoe UI").. .. oGui.Add("Text",,"Window Title, Class and Process:").. oGui.Add("Checkbox","yp xp+200 w120 Right vCtrl_FollowMouse","Follow Mouse").Value := 1.. oGui.Add("Edit","xm w320 r5 ReadOnly -Wrap vCtrl_Title").. oGui.Add("Text",,"Mouse Position:").. oGui.Add("Edit","w320 r4 ReadOnly vCtrl_MousePos").. oGui.Add("Text","w320 vCtrl_CtrlLabel",(txtFocusCtrl := "Focused Control") ":").. oGui.Add("Edit","w320 r4 ReadOnly v

C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	352
Entropy (8bit):	4.914101368991569
Encrypted:	false
SSDEEP:	6:1FQp9ODHKATpQEJFn9p6gklJtW3gSsMNFi7N/WGBQqOOccE4gggDHpK/Lkvle:1wsKE54TvZX7N/tW/ODHGpSLk9e
MD5:	E8D9A7E78D6A2A40BFB532B4812BDE59
SHA1:	5674B63092A69C419A42BAB9E7462BDE3BDB3CAD
SHA-256:	A6C51E2188E31E3510577263D7B96DB147B0DF3DFA24C96DF8FDD9D73DA859EE
SHA-512:	DD7D78C7724DCA4684C732B0F3F8E73AF67610DE8945255B48B9301672AC0B4F405C802A8CD4C343D53266F492D2D0DCD2727B5EBDB9E90CFC9173876B9AB905
Malicious:	true
Preview:	..CommandLineToArgs(cmd) {.. argv := DllCall("shell32\CommandLineToArgvW", "wstr", cmd, 'int', &narg:=0, "ptr").. try {.. args := [].. Loop args.Capacity := narg.. args.Push(StrGet(NumGet(argv, (A_Index-1)A_PtrSize, "ptr"), "UTF-16")).. }.. finally.. DllCall("LocalFree", "ptr", argv).. return args..}..

C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1578
Entropy (8bit):	5.176343578065276
Encrypted:	false
SSDEEP:	24:+RemXj4qm4Z6CNeSSeqDe2eTA0EBuddsu9ruLc+cnwYit8BedM44we8wLdstjoj7:uDpn0sqCJFEBqbpjwYTMdGvutN1QmIj
MD5:	2FFBDE65B63790C5AA12996E9EF9068C
SHA1:	A793986E4E72D5B5A866E927855EACC3A0399A7A
SHA-256:	40A6F0CDA5FD1DFF324CAB288BB453AA60B41B09DACBFBC64F2D871423F33935
SHA-512:	315B2803C8E803B238E87DE63A5737350E41D248F67C54662341CA889C3BD5FC6FC2F516CA20F1FF4D74FCA4AF247B64EC7795D4C4E8990FFFCE49BBF037A906
Malicious:	true
Preview:	CreateAppShortcut(linkFile, p) {.. ;target, args, description, aumid, uninst?.. lnk := ComObject('{00021401-0000-0000-C000-000000000046}' ; CLSID_ShellLink.. ,'{000214F9-0000-0000-C000-000000000046}') ; IID_IShellLink.. .. ComCall(20, lnk, 'wstr', p.target).. ComCall(11, lnk, 'wstr', p.HasProp('args') ? p.args : "").. ComCall(7, lnk, 'wstr', p.desc).. if p.HasProp('icon').. ComCall(17, lnk, 'wstr', p.icon, 'int', p.HasProp('iconIndex') ? p.iconIndex : 0).. .. ; Set the System.AppUserModel.ID property via IPropertyStore.. props := ComObjQuery(lnk, '{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}').. static PKEY_AppUserModel_ID := PKEY('{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}', 5).. static PKEY_AppUserModel_UninstallCommand := PKEY('{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}', 37).. setProp PKEY_AppUserModel_ID, p.aumid.. if p.HasProp('uninst').. setProp PKEY_AppUserModel_UninstallCommand, p.uninst.. .. ; S

C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10734
Entropy (8bit):	5.231689303124814
Encrypted:	false
SSDEEP:	192:RA1uaqk4Ka6BYzrxPrtRdSE6hyj4rGp+HCOvFrBScc8W4:+uaqkpaPh1sFBfcU
MD5:	65D05EC61CCA0547E218655E65E5EA7C
SHA1:	1CF93558BB9F1AE5A055B3F9085BF4166B7F43DD
SHA-256:	A9A824A763195E5810BF904854AF7ED41C025527B2B8FAA7532C6F24189D69B9
SHA-512:	65172FA0F9148106E44FDE99E0BCAD173C4EEF405A19B1F54961F2A248F6E6B0A05568D728E83D6582113D0D12A5E87CE763C53271C4D52B9362B19E22EA7D23
Malicious:	true
Preview:	EnableUIAccess(ExePath) {.. static CertName := "AutoHotkey".. hStore := DllCall("Crypt32\CertOpenStore", "ptr", 10 ; STORE_PROV_SYSTEM_W.. , "uint", 0, "ptr", 0, "uint", 0x20000 ; SYSTEM_STORE_LOCAL_MACHINE.. , "wstr", "Root", "ptr").. if !hStore.. throw OSError().. store := CertStore(hStore).. ; Find or create certificate for signing... cert := CertContext().. while (cert.ptr := DllCall("Crypt32\CertFindCertificateInStore", "ptr", hStore.. , "uint", 0x10001 ; X509_ASN_ENCODING\|PKCS_7_ASN_ENCODING.. , "uint", 0, "uint", 0x80007 ; FIND_SUBJECT_STR.. , "wstr", CertName, "ptr", cert.ptr, "ptr")).. && !(DllCall("Crypt32\CryptAcquireCertificatePrivateKey".. , "ptr", cert, "uint", 5 ; CRYPT_ACQUIRE_CACHE_FLAG\|CRYPT_ACQUIRE_COMPARE_KEY_FLAG.. , "ptr", 0, "ptr", 0, "uint", &keySpec:=0, "ptr", 0).. && (keySpec & 2)) { ; AT_SIGNATURE.. ; Keep looking for a certificate with

C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	844
Entropy (8bit):	4.810009492650111
Encrypted:	false
SSDEEP:	24:ybRJL5QOLrG0ogFhcEfF6iiwADuzheOj9E:y1JNQOL60ogFrf4uDAwm
MD5:	1A8AB9BB38FD0DA51D03DC48E3A0B2EA
SHA1:	5C74DDD45C91A39B921139881C76C48C97E35825
SHA-256:	48A3F822A720B8E9B41165A1D19D56411D1F58036338EBD07AB40F2A14CF0F1B
SHA-512:	1B88603FB9EB28E717CB77623FF0159F5F45E677C34316DC0C5D5C2ED46C59F10D3AFB532B1F99920F91B8098E544873F944B1E0E575EFD694DD24BDCA22C14E
Malicious:	true
Preview:	GetGitHubReleaseAssetURL(repo, ext:='.zip', release:='latest') {.. req := ComObject('Msxml2.XMLHTTP').. req.open('GET', 'https://api.github.com/repos/' repo '/releases/' release, false).. req.send().. if req.status != 200.. throw Error(req.status ' - ' req.statusText, -1).. .. res := JSON_parse(req.responseText).. try.. assets := res.assets.. catch PropertyError.. throw Error(res.message, -1).. .. loop assets.length {.. asset := assets.%A_Index-1%.. if SubStr(asset.name, -StrLen(ext)) = ext {.. return asset.browser_download_url.. }.. }.. .. JSON_parse(str) {.. htmlfile := ComObject('htmlfile').. htmlfile.write('<meta http-equiv="X-UA-Compatible" content="IE=edge">').. return htmlfile.parentWindow.JSON.parse(str).. }..}

C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2432
Entropy (8bit):	5.429608282178578
Encrypted:	false
SSDEEP:	48:RCQeNhzam2kwyXXmkDEaVlKjdkOBJlYg9A1kWVIDi:RCQeNhwkoAQ7Q18O
MD5:	727AE6F2EC77A5B56774DF9DA14636D2
SHA1:	8216A2122C825127CA59B05B0BAE0D57E92F1110
SHA-256:	84032ECAC8ED334CF8788A81BEA721B0AF5CD7CA7DCA57B60CDEC3556AE33914
SHA-512:	F1058216B5D1B8D590EB4CAFD5139F71F8DF5F96A3FCC314A7635CB1B99DE8623D87C57C567868EBDAFB09925B8D13FDADCEE49FA89F1A239725A92B948272CC
Malicious:	true
Preview:	; HashFile by Deo..; https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/..; Modified for AutoHotkey v2 by lexikos.....#Requires AutoHotkey v2.0-beta..../..HASH types:..1 - MD2..2 - MD5..3 - SHA..4 - SHA256..5 - SHA384..6 - SHA512../..HashFile(filePath, hashType:=2)..{...static PROV_RSA_AES := 24...static CRYPT_VERIFYCONTEXT := 0xF0000000...static BUFF_SIZE := 1024 * 1024 ; 1 MB...static HP_HASHVAL := 0x0002...static HP_HASHSIZE := 0x0004..... switch hashType {.. case 1: hash_alg := (CALG_MD2 := 32769).. case 2: hash_alg := (CALG_MD5 := 32771).. case 3: hash_alg := (CALG_SHA := 32772).. case 4: hash_alg := (CALG_SHA_256 := 32780).. case 5: hash_alg := (CALG_SHA_384 := 32781).. case 6: hash_alg := (CALG_SHA_512 := 32782).. default: throw ValueError('Invalid hashType', -1, hashType).. }......f := FileOpen(filePath, "r").. f.Pos := 0 ; Rewind in case of BOM... .. HCRYPTPROV() => {.. p

C:\Program Files\AutoHotkey\UX\inc\README.txt

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.286514883049412
Encrypted:	false
SSDEEP:	3:BUQPXtHVbx+Lgz5JcLHQtEcFHk9g/PM/eEFBpcOvsRyhKQvArXGtFDAE/URqnn:B3HVbvXIwtPHrQrByOkAhKQvACthAhRe
MD5:	4B095AAE00456AA248024A184671E4D5
SHA1:	84AE516FBC62CE0AA10FFEACD7BA865A35A0A375
SHA-256:	D65C6E73417E6BBA7A619F2E68933B74E6AE6141277B65542AED9B6ACDFC83FF
SHA-512:	77AABE92719D8FC7A28C76F3B76FA2E42A188DB14F004262D8E913620AA990CDE29119B82D919511FC0D828CA0A108EA79858BA158B6A8ED6A260B72B4EE229D
Malicious:	true
Preview:	Scripts in this directory may be copied and used freely, but..may be removed or modified without notice by any future release...Do not #include them directly; instead, create a copy.

C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.234753324124194
Encrypted:	false
SSDEEP:	12:9YEvTDHflQK7AqMVQ31Uk5q66BODjNAhQ3JA:+EvTjtzAqh6k5jrO
MD5:	9E53FCA8C7F6A9EE179F0FC0A7890EA3
SHA1:	DC2A1BF437EEA36B3F5BA9318F3B391B405D5CB2
SHA-256:	EA67340C555FDC1ABF8E324AC550AC37D2BA5F96A8EDEF120E72FB340F8F95C0
SHA-512:	CAD5C07F952FB93413B4A3990C522BA4B446AE41F11C8DD323BDCDE1B30FBFD76515606D5DC4BCB8768BD382CDB82553801539A192B002696D253341F3C0DBC5
Malicious:	true
Preview:	; For documentation about the parameters, refer to:..; https://learn.microsoft.com/en-us/windows/win32/shell/shell-shellexecute..ShellRun(filePath, arguments?, directory?, operation?, show?) {.. static VT_UI4 := 0x13, SWC_DESKTOP := ComValue(VT_UI4, 0x8).. ComObject("Shell.Application").Windows.Item(SWC_DESKTOP).Document.Application.. .ShellExecute(filePath, arguments?, directory?, operation?, show?)..}

C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.4755179547678345
Encrypted:	false
SSDEEP:	3:a/GeA+gCFWVVIQGJXbtBXD7r9FV1oUqERA1MtAEKLENOn:a/5A+QVMJXBpXRFVOjERAGtUENOn
MD5:	165B8FC572F943E3665994F87F1772B7
SHA1:	265CA3D2A66A7E1807962EB7E8A444CEFB61BC0C
SHA-256:	9B75C7F804D1D55807459E6F06DB2BEE8E1FB60CE9C9340D44A7B491CE53B982
SHA-512:	E675453EEF9A10560CB9EA95E993D8068C8DFCA3664A140B6BA33361D0736632B8CE3A37770411583F558476173294BCC12B83BF33190D89EB009BFB9BB5F0AF
Malicious:	true
Preview:	; v1: includes the file from the script's directory...; v2: does nothing because the path is relative to this file...#include *i reload-v1.ahk

C:\Program Files\AutoHotkey\UX\inc\common.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	688
Entropy (8bit):	5.235085398227736
Encrypted:	false
SSDEEP:	12:/ESUoz6Ls/umIRuccWJZw/EWZ5h/ELcMWZOezx+3O/RYo3hj/ZA8Q/L59O/aBen:/Evo2L4QeWuZ/3jYo3/0Ln+Oe
MD5:	DAC79AD5A978F0497DE70A005B6A6084
SHA1:	DB100CE15998772FE322679468F46B0F25239EB4
SHA-256:	DBC1420C9368E954176CD1BC38C0BF5498D721CB7DEE50B5ABEF51611A33C658
SHA-512:	9F2A2C0E01724EF82860CFB97FBE6196D29B3B41080F04B3F51653F2F535849428B0A245BC954AA57569AA660D5A5A20D2D1E0DBB9081D718BF2DEDDB051F47C
Malicious:	true
Preview:	A_AllowMainWindow := true..if A_AhkPath != A_ScriptDir '\AutoHotkeyUX.exe' {.. ; Standalone, compiled or test mode: locate InstallDir via registry.. DirExist(ROOT_DIR := RegRead('HKCU\SOFTWARE\AutoHotkey', 'InstallDir', "")).. \|\| (ROOT_DIR := RegRead('HKLM\SOFTWARE\AutoHotkey', 'InstallDir', ""))..}..if (ROOT_DIR ?? "") = "" \|\| !DirExist(ROOT_DIR).. Loop Files A_ScriptDir '\..', 'D'.. ROOT_DIR := A_LoopFileFullPath....if !trace.Enabled := RegRead('HKCU\Software\AutoHotkey', 'Trace', false).. trace.DefineProp 'call', {call: () => ''}....#include config.ahk....trace(s) {.. try.. FileAppend s "`n", "".. catch.. OutputDebug s "`n"..}..

C:\Program Files\AutoHotkey\UX\inc\config.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.26163110122379
Encrypted:	false
SSDEEP:	12:oqQS/VkUZQjNySLmIK5aymKYeJUmJbSQ4JDta1y:dNkVNy2K5eeJvJbv4JJcy
MD5:	248B58535F55EB55D9BAEC04A384B5E6
SHA1:	76D067318B67DA9A3DA71A232A887C8935C7068F
SHA-256:	4D1F241A0C973E30F1BF19E71CADB386B872A14BF0C29D32D4781A56CAFD998A
SHA-512:	0186EB49DA706C6CC6F48ECD94A4996C258ECEA10BED26B9C79BDDF0F7ECA32DF1449166309237859CA2508427BF79D447A2202EAEBA211228DA9822646CF23A
Malicious:	true
Preview:	..; CONFIG_FILE_PATH := A_MyDocuments "\AutoHotkey\AutoHotkey.ini"..CONFIG_KEY := 'HKCU\Software\AutoHotkey'....ConfigRead(section, key, default) {.. ; return IniRead(CONFIG_FILE_PATH, section, key, default).. return RegRead(CONFIG_KEY '\' section, key, default)..}....ConfigWrite(value, section, key) {.. ; IniWrite(value, CONFIG_FILE_PATH, section, key).. RegWrite(value, 'REG_SZ', CONFIG_KEY '\' section, key)..}..

C:\Program Files\AutoHotkey\UX\inc\identify.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.577078861855727
Encrypted:	false
SSDEEP:	24:R6bKtOSlRV2+O2WF3Q7DolfoV9OlCLUD47/HSoKVLbJlsLJc:obF42C9OlCoDz1lMc
MD5:	3E5C97E6C3A76686329C81FBA864B26B
SHA1:	EC111D01A5299DE2CA93C5441E92BB49D9D5E710
SHA-256:	F5B97911887C303B6859DE44EFF73780309E31E931DCBA86A66AAAFBE932AF72
SHA-512:	C70BA459ABB2C35EDFD62DFBE6EFB9C54D5341802A72AC7D6B3B63877F28A97A974B96B6DE747E29909550D6BA2C5D14DA40BEF6D91841C5C8C5A903697307C7
Malicious:	true
Preview:	#include identify_regex.ahk....IdentifyBySyntax(code) {.. static identify_regex := get_identify_regex().. p := 1, count_1 := count_2 := 0, version := marks := ''.. try while (p := RegExMatch(code, identify_regex, &m, p)) {.. p += m.Len().. if SubStr(m.mark,1,1) = 'v' {.. switch SubStr(m.mark,2,1) { .. case '1': count_1++.. case '2': count_2++.. }.. if !InStr(marks, m.mark).. marks .= m.mark ' '.. }.. }.. catch as e.. return {v: 0, r: "error", err: e, pos: p}.. if !(count_1 \|\| count_2).. return {v: 0, r: "no tell-tale matches"}.. ; Use a simple, cautious approach for now: select a version only if there were.. ; matches for exactly one version... if count_1 && count_2.. return {v: 0, r: Format(.. count_1 > count_2 ? "v1 {1}:{2} - {3}" : count_2 > count_1 ? "v2 {2}:{1} - {3}" : "? {1}:{2} - {3}",.. count_1, count_2, Trim(marks).

C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with very long lines (3982), with CRLF line terminators
Category:	dropped
Size (bytes):	4018
Entropy (8bit):	5.309111673003908
Encrypted:	false
SSDEEP:	96:6Z2eX4Mjt29rVduPDOym1m35CA2OLiZk8+1bi039:6Rtjg9YOaLiZk8+R
MD5:	F27F09D324016BD49D2DA38901E79A61
SHA1:	F2AF4EA1CA36DC4ED53BA3A5817B83D457C9029C
SHA-256:	C2563AB626DF892398083404ACECC5229300BA7DC6077B120844C65FACFAD854
SHA-512:	1DD5A6DDF87A3026F5B2D468197173AF0C4E6C2EEAB64113BCD2BBD56BE46089E546F694FEA2416AADC9C2669070B29EF26EC689DFBE73DEF8AF6FD0DE310D04
Malicious:	true
Preview:	get_identify_regex() => '..(..(?(DEFINE)(?<line_comment>(?<![^ `t`r`n]);.)(?<block_comment>(?m:^[ `t]/\(?:.\R?)+?(?:[ `t]\/\|.\Z)))(?<eol>(?=[ `t]+(?&line_comment)?(?m:$)))(?<tosol>(?:(?&eol).\R\|(?&block_comment))++)(?<toeol>(?:[^ `t`r`n]++\|[ `t]+(?!(?&eol)))+)(?<contsec>[ `t]+$(?i:Join[^ `t`r`n]+\|(?&line_comment)\|[^ `t`r`n()]++\|[ `t]++)+\R(?:[ `t]+(?!$).\R)+[ `t]+\))(?<solcont>[ `t]+(?:,(?!::\| +& )\|[<>=/\|^,?:\.+\-&!~](?![^"'`r`n]?(?:".?::(?!.?")\|'.?::(?!.?')\|::))\|(?i:AND\|OR)(?=[ `t])))(?<eolcont>(?&eol)(?:(?<ec_bad>(?<=:=)\|(?<=[:,]))\|(?<=[<>=/\|^,?:\.+\-&!~](?<!\+\+\|--))\|(?<=(?<![\w[:^ascii:]\.])(?i:OR\|IS\|AS\|IN))\|(?<=(?<![\w[:^ascii:]\.])(?i:AND\|NOT))\|(?<=(?<![\w[:^ascii:]\.])(?i:CONTAINS)))(?&tosol)(?:(?&contsec)\|(?(ec_bad)\|(:v2-cle))))(?<v1_cont>(?&tosol)(?:(?&solcont)(?&subexp)\|[ `t]+,[ `t]+(?=%)(?&pct)\|(?&contsec)(?&ambig)))(?<v1_fin>(?:.+(?&v1_cont)).+)(?<ambig>(?:(?&exp)\|(?&v1_cont)\|.+)++(:~))(?<pct>(?=%[ `t])(?:(?&subexp)(?&exp)\|(?&v1_fin)(*:v1

C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2613
Entropy (8bit):	4.984139073207136
Encrypted:	false
SSDEEP:	48:k8u94OWLJitj8Zk2L6eY4Y5u60P8w9XMwSv0s5P5UNctPyfFOi79C:k8u94OWLJgoeeY4R6m86GDRUNctP6wi4
MD5:	696750C1861231D07FF4548AD4360DC8
SHA1:	EB4B90B17AADF7B1CCDC484840B5500494C4A787
SHA-256:	F7D5AC8D1CFC77685CDCDBE89ABB8AC0A89F5B6EEC1AC1385069B72A05D05315
SHA-512:	5745B58987555C797F90EFD65BB9E02E3A9139B934E27B287816BE79A988F04EEF6DD8B8AF43C30F5F4BC5360CA7A3E42A21734915277CF3A18A91EA39AC3636
Malicious:	true
Preview:	..#include common.ahk....GetExeInfo(exe) {.. if !(verSize := DllCall("version\GetFileVersionInfoSize", "str", exe, "uint", 0, "uint")).. \|\| !DllCall("version\GetFileVersionInfo", "str", exe, "uint", 0, "uint", verSize, "ptr", verInfo := Buffer(verSize)).. throw OSError().. prop := {Path: exe}.. static Properties := {.. Version: 'FileVersion',.. Description: 'FileDescription',.. ProductName: 'ProductName'.. }.. for propName, infoName in Properties.OwnProps().. if DllCall("version\VerQueryValue", "ptr", verInfo, "str", "\StringFileInfo\040904b0\" infoName, "ptr", &p:=0, "uint*", &len:=0).. prop.%propName% := StrGet(p, len).. else throw OSError().. if InStr(exe, '_UIA').. prop.Description .= ' UIA'.. prop.Version := RegExReplace(prop.Version, 'i)[a-z]{2,}\K(?=\d)\|, ', '.') ; Hack-fix for erroneous version numbers (AutoHotkey_H v2.0-beta3-H...).. return prop..}....IsUsableAutoHotkey(exeinfo) {..

C:\Program Files\AutoHotkey\UX\inc\spy.ico

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows icon resource - 4 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48 with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	dropped
Size (bytes):	4310
Entropy (8bit):	7.802879341444645
Encrypted:	false
SSDEEP:	96:E+lfU3JuOE/08BQLDmMZUMxsjnzEBgTOhmvS:xkLE/B2LuzEBga3
MD5:	EEECD8AF162D3F318496E0E60D6D8C57
SHA1:	31A99C80E4F1033914CE9344E95B84571F76AD2D
SHA-256:	968473DF8EAC7264D9E84E6AE91A4D706CDA9F89F345D182617B161EF4FE1A7B
SHA-512:	6F55968ADF7F2F02E128945016ED0C4D003C9640E4CBFC7B22B82374647E6EBDB07C02E99240DA369789F4107D2C130E54D4ACB1324455FD26668C4D1D009884
Malicious:	true
Preview:	...... .... .....F...00.... .........@@.... .W............. .....2....PNG........IHDR... ... .....szz.....tIME....... ?H.....tEXtSoftware.GLDPNG ver 3.4q.......tpNGGLD3....J.).....gAMA......a....DIDATx..WM(la.....d.....2.w..+..aa!.F.P3n\+.$......)).[).'Sj.....,hPd.\.[g.w~..{.^...\|..<.y.w..=gT...?.vv....R.......................177...C...cqq.CCC...V........\|.1.....\ ==.......Acc#L&....... k.p..n...R.WWW.b....SWW.^........N.....ALL.....g`llL....k...;33...GGG0..".s......-((......)...=...............=...2....g......."......\9....CUU.jkk.....&9.........,9...<5.6000 ...^................j5222......w9A......)--....xxxx.~ww...s.Z%noo.a....Gjj.h.D....aDEE.966.....Z.......4.&.ckkK...C,9.j4.....V.L...j...[.K..............z.;e..P.\#F....H.....BJJ....z.EEE.....\xww.;;;r.9....K2.z....2..S................c........"..f..X.$&$$...@.&''e.o@o........\jp....`...f!..Y..pYYY27;;....c.eff....gP..A'...'.**....mmm......f.....'s..\j.\..~j)=}}}...Cj...........#.._..fZ.6.>..{\|\|.

C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5004
Entropy (8bit):	4.913133828159579
Encrypted:	false
SSDEEP:	96:ctpyLQ5w84XwtzeZIPHGI4tLSSZMUR6l5w8OtXQyceRX35FZsFFNA3me:cDi9wJeKPHGI4J9SUtruNw35FZs1mD
MD5:	F4251E653DBBBDD8CF4640BD9855C207
SHA1:	D08B6E5796150AA1436FD3DA39BFC5FDBAAEE297
SHA-256:	DEFFD87D99FF125ECCAC2331A8BA4E3A0044E150E80316E9469DD57F322BEDA1
SHA-512:	86896CCB0ACBD27EEEFE6E02747958CAFCCA31541638435DFE9F08D89B763144F6B5FB521DF11DCE4C3F46B186DE4905F56EBCC7C57D4C29EF2A0731A6492698
Malicious:	true
Preview:	class AutoHotkeyUxGui extends Gui {.. __new(title, opt:='') {.. super.__new(opt, title, this).. this.SetFont('s9', "Segoe UI").. this.OnEvent('Escape', 'Destroy').. this.OnEvent('Close', 'Destroy').. }.. .. AddListMenu(options:='', columns:=unset) {.. IsSet(columns) \|\| columns := [].. c := this.AddListView(UxListMenu.DefaultOptions ' ' options, columns).. if !InStr(options, 'Theme').. DllCall("uxtheme\SetWindowTheme", "ptr", c.hwnd, "wstr", "Explorer", "ptr", 0).. static LVTVIM_TILESIZE := 1, LVTVIM_COLUMNS := 2, LVTVIM_LABELMARGIN := 4.. static LVTVIF_AUTOSIZE := 0, LVTVIF_EXTENDED := 4, LVTVIF_FIXEDHEIGHT := 2.. , LVTVIF_FIXEDSIZE := 3, LVTVIF_FIXEDWIDTH := 1.. static LVM_SETTILEVIEWINFO := 0x10A2.. tileviewinfo := Buffer(40, 0).. ControlGetPos(,, &w,, c).. pad := 2 * A_ScreenDPI // 96.. NumPut(.. 'uint', 40, ; cbSize.. 'uint', LVTV

C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1697
Entropy (8bit):	4.988385975818948
Encrypted:	false
SSDEEP:	48:R+KUvhhYz6gXd/1BvbGpk0b/oC+Putym6P:QKUvh6fFkk0rsP4kP
MD5:	C90BED0679B789B74E4865AE6F2709A3
SHA1:	B0DBEE6A237BA93DAEC76A0553CD3254821D60A1
SHA-256:	C242EBB51241ACAB13152D95CDB05BE5382FFB97F3DCA2DA3A4E5A084C2E3FF4
SHA-512:	F8DFE5C558B427E05905B2A3D8A09632347EDF945D47ED4FC82EC38A9045F5837A798EF669F0FDAE6504D9EEE6762C49C8E6C32ADAC0F6A3E6C2EED6D48E64B2
Malicious:	true
Preview:	; Run this script to launch or download and install Ahk2Exe into A_ScriptDir '\..\Compiler'...#requires AutoHotkey v2.0....#include install.ahk..#include inc\GetGitHubReleaseAssetURL.ahk....#SingleInstance Force..InstallAhk2Exe....InstallAhk2Exe() {.. inst := Installation().. inst.ResolveInstallDir() ; This sets inst.InstallDir and inst.UserInstall.. .. finalPath := inst.InstallDir '\Compiler\Ahk2Exe.exe'.. if FileExist(finalPath) {.. ShellRun finalPath.. ExitApp.. }.. .. if !A_Args.Length {.. (inst.UserInstall) \|\| SetTimer(() => (.. WinExist('ahk_class #32770 ahk_pid ' ProcessExist()) &&.. SendMessage(0x160C,, true, 'Button1') ; BCM_SETSHIELD := 0x160C.. ), -25).. if MsgBox("Ahk2Exe is not installed, but we can download and install it for you.", "AutoHotkey", 'OkCancel') = 'Cancel'.. ExitApp.. if !A_IsAdmin && !inst.UserInstall {.. Run Format('*RunAs "{1}" /restart /script "{

C:\Program Files\AutoHotkey\UX\install-version.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4162
Entropy (8bit):	4.805177330644294
Encrypted:	false
SSDEEP:	96:m4C3dyA4vkDU1tYur5Ql5rk08NpJ31rsDoY0Jk0AVIn:Q3dyA4L/fdQl5w08LrsMHJk02G
MD5:	30B87FBFADC592C38BE9D82EDF597FA3
SHA1:	1FF5D720858A38BDD2E21A5A492938C07B2811A5
SHA-256:	1E59921BCDDB3C41651EB01605CDEFCDEE3C6ADEC5DB6B7CAFB7AB801EAD5E1E
SHA-512:	79A407CAD251F45D13C0505CDF7E27A281455E3EEFE1F7FC5AEDD658297351AC7DBBCE21065A29ED9D86C6B908A175CD83201E0D60E972865E6258C2F8C145A7
Malicious:	true
Preview:	; Run this script to download and install an additional AutoHotkey version...; Specify the version as a single command line parameter. If omitted or..; incomplete like "1.1" or "2.0", the latest version will be downloaded...#requires AutoHotkey v2.0....#include install.ahk....A_ScriptName := "AutoHotkey"....InstallAutoHotkey A_Args.Length ? A_Args[1] : '1.1'....InstallAutoHotkey(version) {.. abort(message, extra?) {.. if IsSet(extra).. message .= "`n`nSpecifically: " SubStr(extra, 1, 100).. MsgBox message,, "Iconx".. ExitApp.. }.. .. ; Determine base version, for download directory.. baseVersion := RegExReplace(version, '^\d+(?:\.\d+)?\b\K.*').. if IsInteger(baseVersion).. baseVersion .= baseVersion = '1' ? '.1' : '.0'.. else if !IsNumber(baseVersion).. abort "Invalid version.", version.... ; If version number is not exact, try to determine the latest compatible version.. if IsNumber(version) {.. url := Fo

C:\Program Files\AutoHotkey\UX\install.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	39948
Entropy (8bit):	4.584438080699804
Encrypted:	false
SSDEEP:	768:Mehhuh3o8p7Nl/EjTADVwFvgxatHkMrvDN3v:J837ppleA/atEUvJf
MD5:	817E7747DCFF942D2F1E65CEC536CBF5
SHA1:	1D1C54D79138B0266D349518FA15B9BEB323621B
SHA-256:	25E530F9CADF91F63EEB04C99993355BBF79074A7559DCE817A515E177F32328
SHA-512:	A77BE0D30E848D5364A7DDCBCFF563649C06FAC546C27471A0FA35BF60286F2D3520033DF87E97F6D4EFD2090E84DED0FC0CA0AA1A87CB41D7F361AD833C406E
Malicious:	true
Preview:	; This script contains AutoHotkey (un)installation routines...; See the AutoHotkey v2 documentation for usage...#include inc\bounce-v1.ahk../* v1 stops here /..#requires AutoHotkey v2.0....#SingleInstance Off ; Needed for elevation with runas.....#include inc\launcher-common.ahk..#include inc\HashFile.ahk..#include inc\CreateAppShortcut.ahk..#include inc\EnableUIAccess.ahk..#include inc\ShellRun.ahk....if A_LineFile = A_ScriptFullPath.. Install_Main....Install_Main() {.. try {.. Installation.Instance := inst := Installation().. method := 'InstallFull'.. params := [].. while A_Index <= A_Args.Length {.. switch A_Args[A_Index], 'off' {.. case '/install':.. method := 'InstallExtraVersion'.. inst.SourceDir := A_Args[++A_Index].. case '/uninstall':.. method := 'Uninstall'.. if A_Index < A_Args.Length && SubStr(A_Args[A_Index+1],1,1) != '/'.. par

C:\Program Files\AutoHotkey\UX\installed-files.csv

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2839
Entropy (8bit):	5.2377686420992315
Encrypted:	false
SSDEEP:	48:gZh3hDcU4mG7IuWU81js9vMuUcEJi28uGQLC6GJ2ExE9+HoEjVR2XMSZFuoGV:gXRwUK0vW1UQ2ME9Hu72fcoGV
MD5:	3D895C4F6276BCF3EF0CD5A6D60114B1
SHA1:	AB51957004DC1E3ECF75BFB24C5132CE6689D03F
SHA-256:	6B0E6BEE9FF3B2CF5EA4229E1330F729E5B470B20C22917858622BA4E2E3ABB6
SHA-512:	42CABC6E9A34A46E90587342E3A55447283DFA24298B35D4005B65B8993988C90B1A290B1BC66F233CCA2D813D42460EE90AC7C2A92837953E57CD18CBBD5F8D
Malicious:	false
Preview:	Hash,Version,Path,Description..53d9c0ff0f0184ea309047bd3acf03af,2.0.12,"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk",""..0ff93efe693fba7ff2043b9d4395dd87,2.0.12,"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk",""..e3f2ad7733f3166fe770e4dc00af6c45,2.0.12,"license.txt",""..825448610a8213a8408578df2361d5eb,2.0.12,"UX\AutoHotkeyUX.exe","AutoHotkey 64-bit"..165b8fc572f943e3665994f87f1772b7,2.0.12,"UX\inc\bounce-v1.ahk",""..e8d9a7e78d6a2a40bfb532b4812bde59,2.0.12,"UX\inc\CommandLineToArgs.ahk",""..dac79ad5a978f0497de70a005b6a6084,2.0.12,"UX\inc\common.ahk",""..248b58535f55eb55d9baec04a384b5e6,2.0.12,"UX\inc\config.ahk",""..2ffbde65b63790c5aa12996e9ef9068c,2.0.12,"UX\inc\CreateAppShortcut.ahk",""..65d05ec61cca0547e218655e65e5ea7c,2.0.12,"UX\inc\EnableUIAccess.ahk",""..1a8ab9bb38fd0da51d03dc48e3a0b2ea,2.0.12,"UX\inc\GetGitHubReleaseAssetURL.ahk",""..727ae6f2ec77a5b56774df9da14636d2,2.0.12,"UX\inc\HashFile.ahk",""..3e5c97e6c3a76686329

C:\Program Files\AutoHotkey\UX\launcher.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18109
Entropy (8bit):	4.894561088112024
Encrypted:	false
SSDEEP:	192:HBHZGn4adB4K2maaPGBSE72hxuWYDlmxrCOKen2RXXtiqOeGKlLFemIpyeOYMYyT:hH2B/uWSKXn2NCQE0X40GG7QE
MD5:	596B69069BBBCC9A22AC26BBA6EFE546
SHA1:	694CEC54200FF1EC70DC56320C577B652884B53D
SHA-256:	830DB4BE4C8320F23FF32316DAC933D4E72D9056EA5A819CC12C38614DA6E06F
SHA-512:	1C18ACF4403915C6A2562F5E26C0ED7C4FC00E9D67D19622D1DB8BB9338FF6D6E8BF9ABE7317F1B529EF1C24901B45C3B13DC3B734D97582C91B206BEE9AA8F8
Malicious:	true
Preview:	; This script is intended for indirect use via commands registered by install.ahk...; It can also be compiled as a replacement for AutoHotkey.exe, so tools which run..; scripts by executing AutoHotkey.exe can benefit from automatic version selection...#requires AutoHotkey v2.0....;@Ahk2Exe-SetDescription AutoHotkey Launcher..#SingleInstance Off..#NoTrayIcon....#include inc\identify.ahk..#include inc\launcher-common.ahk..#include inc\ui-base.ahk....if A_ScriptFullPath == A_LineFile \|\| A_LineFile == '*#1' {.. SetWorkingDir A_InitialWorkingDir.. Main..}....Main() {.. switches := [].. while A_Args.length {.. arg := A_Args.RemoveAt(1).. if SubStr(arg,1,1) != '/' {.. ScriptPath := arg.. break.. }.. nextArgValue() {.. if !A_Args.Length {.. MsgBox "Invalid command line switches; missing value for " arg ".", "AutoHotkey Launcher", "icon!".. ExitApp 1.. }.. return A_Args.R

C:\Program Files\AutoHotkey\UX\reload-v1.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	556
Entropy (8bit):	4.997919572416062
Encrypted:	false
SSDEEP:	12:SsFVctCPDVDHn3f8q9mCC41dDVxqy40nyZ3AxL24SHD/TW+37rz3kVP:SyctQVNxZx20c382FHz3kVP
MD5:	35F4753A58432446B99BF89A9E930BF5
SHA1:	BABC3341D9D95865A36EA9A20549A61146093006
SHA-256:	E4659306A755B583E9CEF5FDBA3B3EB102D8939FB028AFD91AAD4496E758FAD5
SHA-512:	AC3483A17EAD5173CE40A6AF55C3C2361652FEFD94C0BD82E004DF8186FFC31EAB194534A25FE995D677F2F71363095D177C01AFB6AE50F2B63BA156855EF5E5
Malicious:	true
Preview:	; This file is part of a trick for allowing a v2 script to relaunch itself with..; v2 when the user attempts to execute it with v1. See inc\bounce-v1.ahk.....#NoTrayIcon....if (A_ScriptFullPath = A_LineFile)..{.. MsgBox 16,, This script is not meant to be executed... ExitApp 2..}....if (!A_Args.Length())..{.. Loop Files, %A_ScriptDir%\..\AutoHotkey32.exe, FR.. {.. Run "%A_LoopFileLongPath%" /force "%A_ScriptFullPath%".. ExitApp.. }..}....MsgBox 16,, This script requires AutoHotkey v2, but was launched with v1...ExitApp 2

C:\Program Files\AutoHotkey\UX\reset-assoc.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2180
Entropy (8bit):	5.132520164605258
Encrypted:	false
SSDEEP:	48:SiAhFZOZAn5ABXEXEQX+gd4fEi1HIEL+xuFSXjwWURpwSgBTn:kZFjugWfEi1HEx+nnRFUj
MD5:	0299132478B49E3EB706C214BF32E62F
SHA1:	9705C410B9F515269C512C64129CED8E0B1B23D2
SHA-256:	D26CAEF44190E0B612C3E4309FF6689DC2953C72CB3DE1C94D002250B089F16B
SHA-512:	2A9CE8EE71AB207DBF4C4FCC2634D49233304DA858C7880813A2127C2A063DC58703D4B2129498DB630D081E1D72F899D348C01DBBCC359D92AB720B89CCDC44
Malicious:	true
Preview:	; This script clears any file type assocation made via the "open with" dialog,..; so that the standard registration under HKCR\.ahk can take effect...#include inc\bounce-v1.ahk../* v1 stops here */..#requires AutoHotkey v2.0....keyname := "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ahk\UserChoice"..initial_progid := RegRead(keyname, "ProgId", "")..legacy_key := "HKCU\Software\Classes\.ahk"..legacy_assoc := RegRead(legacy_key,, "AutoHotkeyScript")..if A_Args.Length && A_Args[1] = '/check' {.. if (initial_progid = "" \|\| initial_progid = "AutoHotkeyScript") && legacy_assoc = "AutoHotkeyScript".. \|\| MsgBox("It looks like you've used an unsupported method to set the default program for .ahk files. ".. . "This will prevent the standard context menu and launcher (version auto-detect) functionality ".. . "from working. Would you like this setting to be reset for you?", "AutoHotkey", "Icon! y/n") != "yes".. ExitApp..}..r

C:\Program Files\AutoHotkey\UX\ui-dash.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	6968
Entropy (8bit):	4.859435822860328
Encrypted:	false
SSDEEP:	96:sHqX7z3hetnbfigrsSUfQDEF2mgPp3eDThh6PTw5/cjG7:Aqr9eBb5rsCs2mgxOyPTw5/17
MD5:	669BD791C5AAFB60EE0885EF064D3622
SHA1:	ACEFB3C3997E2EADD32413814E71AAAAD5A8B6D4
SHA-256:	E8C0B4E149AD58C57E77AAC12041F1FA8BC9F25C6D642D12837EFC5FD97B8D21
SHA-512:	EB0345B3562523C58894752276938C7E5EE63B7C3A660317C9A4C1A93B6E530B12015DD380A8A230324B94A9F042380C1A1D24B49D21C3805A4711CB185A33DB
Malicious:	true
Preview:	; Dash: AutoHotkey's "main menu"...; Run the script to show the GUI...#include inc\bounce-v1.ahk../* v1 stops here /..#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Force....#include inc\ui-base.ahk..#include ui-launcherconfig.ahk..#include ui-editor.ahk..#include ui-newscript.ahk....DashRegKey := 'HKCU\Software\AutoHotkey\Dash'....class AutoHotkeyDashGui extends AutoHotkeyUxGui {.. __new() {.. super.__new("AutoHotkey Dash").. .. lv := this.AddListMenu('vLV LV0x40 w250', ["Name", "Desc"]).. lv.OnEvent("Click", "ItemClicked").. lv.OnEvent("ItemFocus", "ItemFocused").. lv.OnNotify(-155, "KeyPressed").. .. this.AddButton("xp yp wp yp Hidden Default").OnEvent("Click", "EnterPressed").. .. il := IL_Create(,, true).. lv.SetImageList(il, 0).. il2 := IL_Create(,, false).. lv.SetImageList(il2, 1).. addIcon(p) =>(IL_Add(il, p), IL_Add(il2, p)).. .. lv.Add("Icon" addIc

C:\Program Files\AutoHotkey\UX\ui-editor.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8585
Entropy (8bit):	4.875277208906012
Encrypted:	false
SSDEEP:	192:th4hvlbHoc4v3g/ucyCs5fyrpsp/vm1kEoQH1lY0qibz:th4h+cyCifyrp85QVldz
MD5:	82EB574294FF4E2E7461B95F5BAD0A87
SHA1:	A981373EF3BD61CE5A2F0AD9BEDAA1CF4ACFD591
SHA-256:	7263286EB3A42ECCF5EDC39B43C74A8BF7C82F2671204D1AE654236C1DE3F05D
SHA-512:	1C54E110B384D55CA0243AD343E69D1F0FA9B2A863AF8DA75A5C992D19F9E055182BBA09BE227882F82D0EBF4EC94094723E2DB06CDF7EE2ED574348A8D72C74
Malicious:	true
Preview:	; This script shows a GUI for setting the default .ahk editor...#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Off....#include launcher.ahk..#include inc\CommandLineToArgs.ahk....class EditorSelectionGui extends AutoHotkeyUxGui {.. __new(cmdLine) {.. super.__new("Select an editor").. .. lv := this.AddListMenu('vEds LV0x40 w300', ["Editor"]).. this.IconList := il := IL_Create(,, true).. lv.SetImageList(il, 0).. for app in this.Apps := GetEditorApps() {.. try.. icon := IL_Add(il, app.exe).. catch.. icon := -1.. lv.Add('Icon' icon, app.name).. }.. this.SelectEditorByCmd(cmdLine).. lv.AutoSize(8).. lv.GetPos(&x, &y, &w, &h).. x += w.. y += h.. .. this.AddText('xm w' w ' y' y, "Command line").. this.AddEdit('xm wp r2 -WantReturn vCmd', cmdLine).OnEvent('Change', 'CmdChanged').. .. this.AddText('xm

C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8289
Entropy (8bit):	5.012543704125114
Encrypted:	false
SSDEEP:	192:18ZheYP0oxU2r23K7D+lTt3cs8FN7bDanWPKtscP/81Tn/dUT0:1fYs125DIB3csspb2qcx/81TnlUT0
MD5:	852BF007A6DDD80A2E5C9D82D874CF45
SHA1:	6F293EC5B59645F795E4FEB3F02C026B62ED428E
SHA-256:	C91E18A25069E7B501D2D0E1C8FC23B78CB962D93469CD0B2EA7E24CDF181DC1
SHA-512:	95F2E6BBEB9138125AB337D6BA047B824FFA527A5F2403C12BBC4EE4A4E73B516D963E09C81D453BCAFB01BD396D991DA8D36D8A91707E557ECC61C1BA9EA91D
Malicious:	true
Preview:	; This script shows a GUI for configuring the launcher...#requires AutoHotkey v2.0....#NoTrayIcon....#include inc\launcher-common.ahk..#include inc\ui-base.ahk....GetVersions() {.. vmap := Map(1, Map(), 2, Map()).. for ,f in GetUsableAutoHotkeyExes() {.. try.. vmap[GetMajor(f.Version)][f.Version] := true.. catch as e.. trace "-[Launcher] " type(e) " checking file " A_LoopFileName ": " e.message.. }.. vmap[1] := [vmap[1]].. vmap[2] := [vmap[2]].. return vmap..}....class LauncherConfigGui extends AutoHotkeyUxGui {.. __new() {.. super.__new("AutoHotkey Launch Config").. .. cmd := RegRead('HKCR\AutoHotkeyScript\shell\open\command',, '').. usingLauncher := InStr(cmd, 'UX\launcher.ahk') != 0.. currentExe := !usingLauncher && RegExMatch(cmd, '^"(.*?)"(?= )', &m) ? m.1 : "".. try.. if currentExe && GetExeInfo(currentExe).Description = "AutoHotkey Launcher" ; Support compiled launcher

C:\Program Files\AutoHotkey\UX\ui-newscript.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10365
Entropy (8bit):	4.864764389032537
Encrypted:	false
SSDEEP:	192:WWsmA5tqnaPKHGs8SCVV7f5JfzH+zoe04+v1AlLUzhAGnk0Vps61CRjqsz:WW6TAF8SCVRf+W9AyzhAGO08
MD5:	1B88198B4BD36EB25E23DC412321A555
SHA1:	D3B5670D1BC7343AE40AD087BC22309DC17E118A
SHA-256:	31249EF15CCE83D150A9A5DE11168A5052FF2C55DBD574B8DF1C054510B61843
SHA-512:	409FB90D7EA768C9D9A2574C09B8A69C93E8AFD76234C24E3E0F71AA3F564A4F1AA46FF18EA328B1AFCCAB54604BB239D37249D5811E3A84F0AB692B032A732B
Malicious:	true
Preview:	#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Off....#include inc\common.ahk..#include inc\ui-base.ahk....class NewScriptGui extends AutoHotkeyUxGui {.. __new(path:="") {.. super.__new("New Script").. .. SplitPath path,, &dir,, &name.. if this.ExplorerHwnd := WinActive("ahk_class CabinetWClass") {.. this.Opt '+Owner' this.ExplorerHwnd.. if dir = "".. dir := GetPathForExplorerWindow(this.ExplorerHwnd).. }.. if dir = "".. dir := ConfigRead('New', 'DefaultDir', A_MyDocuments "\AutoHotkey").. .. name := this.AddEdit('vName w272', name != "New AutoHotkey Script" ? name : "").. static EM_SETCUEBANNER := 0x1501.. SendMessage(EM_SETCUEBANNER, true, StrPtr("Untitled"), name).. .. static IconSize := SysGet(49) ; SM_CXSMICON.. .. static BrowseIcon := LoadPicture("imageres.dll", 'Icon-1025 w' IconSize, &imgtype).. this.AddIconButton

C:\Program Files\AutoHotkey\UX\ui-setup.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7325
Entropy (8bit):	4.877995973608334
Encrypted:	false
SSDEEP:	192:SdHQj/CKeF1DXPTYjTBS7EmK3QyOcjRn5WYHu4pCW7rvQ:SejoFpPTYjTB6EmQOcjRTHpC/
MD5:	DD3F9C2F9115689F4350896752F15926
SHA1:	FA19F1632B865B2BC098611A8BE66E9F10DC692B
SHA-256:	68B114A2EA4AF9DF54709A78EC5991A1F271097B29CB93757403FDB158746BC7
SHA-512:	12F34D5EC7A7D5452EEF97E4C87093240050756C564140874D316D0B9D194C961DEBE139BADC943B024B680B68961EF6CBE71FC1A567C6622797F90ED51FA549
Malicious:	true
Preview:	; This script shows the initial setup GUI...; It is not intended for use after installation...#requires AutoHotkey v2.0....#NoTrayIcon..#SingleInstance Force....#include inc\ui-base.ahk....A_ScriptName := "AutoHotkey Setup"..SetRegView 64..InstallGui.Show()....class InstallGui extends AutoHotkeyUxGui {.. __new() {.. super.__new(A_ScriptName, '-MinimizeBox -MaximizeBox').. .. DllCall('uxtheme\SetWindowThemeAttribute', 'ptr', this.hwnd, 'int', 1 ; WTA_NONCLIENT.. , 'int64*', 3 \| (3<<32), 'int', 8) ; WTNCA_NODRAWCAPTION=1, WTNCA_NODRAWICON=2.. .. static TitleBack := 'BackgroundWhite'.. static TitleFore := 'c3F627F'.. static TotalWidth := 350.. this.AddText('x0 y0 w' TotalWidth ' h84 ' TitleBack).. this.AddPicture('x32 y16 w32 h32 ' TitleBack, A_AhkPath).. this.SetFont('s12', 'Segoe UI').. this.AddText('x+20 yp+4 ' TitleFore ' ' TitleBack, "AutoHotkey v" A_AhkVersion).. this.SetFont('s9')..

C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2311
Entropy (8bit):	4.84199510475754
Encrypted:	false
SSDEEP:	48:SThy/+G2L1JubYQIBCbBaBX6XNoqb0BiWdM+T:V+G2ybdIBCdmX6doqbfWW+T
MD5:	0FE4932669E99A498A7BC76975919000
SHA1:	E0D6A7B484D3A6C0D7427F611C575F93E4F87BA4
SHA-256:	1E09FC4AF5DC3E673D4FACFE4FA849C6BDD0B29C67B0EFD7F96AAF387FCEF698
SHA-512:	DD3B99739106953608AC2EB2ECC4E3D316B5122B1B305BD7CFAB82FCC7EC0D92B5944F4724D37CBC01CA5C6B5381B57FAD9256586B5DFD0026453F9C11A32394
Malicious:	true
Preview:	; This script shows a GUI for uninstalling AutoHotkey or specific versions...#include inc\bounce-v1.ahk../* v1 stops here */..#requires AutoHotkey v2.0....#include inc\ui-base.ahk..#include install.ahk....#NoTrayIcon..#SingleInstance Force....A_ScriptName := "AutoHotkey Setup"..SetRegView 64..ModifySetupGui.Show()....class ModifySetupGui extends AutoHotkeyUxGui {.. __new() {.. super.__new(A_ScriptName, '-MinimizeBox -MaximizeBox').. .. this.inst := Installation().. this.inst.ResolveInstallDir().. versions := this.inst.GetComponents().... this.AddText(, "Remove which versions?").. iv := this.AddListView('vComponents Checked -Hdr R10 w248', ["Version"]).. iv.OnEvent('ItemCheck', 'Checked').. for v, files in versions.. iv.Add(files.HasProp('superseded') ? 'Check' : '', v).. .. anyChecked := iv.GetNext(0, 'C').. this.AddButton('vRemoveAll w120 ' (anyChecked ? '' : 'Default'), "Remove &all")..

C:\Program Files\AutoHotkey\WindowSpy.ahk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	C source, ASCII text
Category:	dropped
Size (bytes):	159
Entropy (8bit):	5.216079851830843
Encrypted:	false
SSDEEP:	3:XBAKUMyJUA2VtzcvK6vAxpl2V5FTxmkeMeB7s/5fKoxFgdMSNuWUAIaKO:RAKUIA2zYvK6vzbTxml+/ooxBAIPO
MD5:	E5918A52B52CA3CE2E99788A26477984
SHA1:	87C2B54B65663E1E29E866224FAEED7E8BAC759B
SHA-256:	C1908CFC4B224B3BC8D1A5C67CFE4ACDB4E738D8ACF98560905AFC412981C18B
SHA-512:	4F320CBEA5ADFED4B07012E04281E8713689271932B26D3886E3519389B15E2ADADB87217C5BF09B080D3DB976C77ACCF555493B7EAB5CEB45BC59131772F8E6
Malicious:	false
Preview:	#include UX.#include inc\bounce-v1.ahk./**/.#requires AutoHotkey v2.0.try Run('"' A_MyDocuments '\AutoHotkey\WindowSpy.ahk"'), ExitApp().#include WindowSpy.ahk

C:\Program Files\AutoHotkey\license.txt

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18120
Entropy (8bit):	4.833349138619991
Encrypted:	false
SSDEEP:	384:gq2PmwE3b6k/iAVX/dUY2ZpEGMOZ77oPyBrsS/S9B:gzuh1iYWrTXoPAs9B
MD5:	E3F2AD7733F3166FE770E4DC00AF6C45
SHA1:	3D436FFDD69F7187B85E0CF8F075BD6154123623
SHA-256:	B27C1A7C92686E47F8740850AD24877A50BE23FD3DBD44EDEE50AC1223135E38
SHA-512:	ED97318D7C5BEB425CB70B3557A16729B316180492F6F2177B68F512BA029D5C762AD1085DD56FABE022B5008F33E9BA564D72F8381D05B2E7F0FA5EC1AECDF3
Malicious:	true
Preview:	GNU GENERAL PUBLIC LICENSE.. Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free so

C:\Program Files\AutoHotkey\v2\AutoHotkey.chm

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	2001344
Entropy (8bit):	7.995473310759226
Encrypted:	true
SSDEEP:	49152:8gtJD4GrdWKYzvZ51ixTVdyFEI6VHMiYB0MG:8gtGOyjuXHlhMiNZ
MD5:	E42714518B26BC65D26B813E182F90CD
SHA1:	1D739F1071E4A087234A8B73C32786BAECF815E5
SHA-256:	10FDFCE6830404381A0C9BE77F7C149760FD0ADE8DD65571FFFEB6C8C5008553
SHA-512:	195E4277E006DC326F0BDA15EEC2B190440D6937120DD1AAC99C80CCCF85ADC8A4F2C21381EB65D5EF24CC0C6C438973D9D30E6DA6EA22B7AFCC7E46002CB980
Malicious:	true
Preview:	ITSF....`.......&..........\|.{.......".....\|.{......."..`...............x.......T`.......`..............................ITSP....T...........................................j..].!......."..T...............PMGLQ................/..../#IDXHDR....O.../#ITBITS..../#STRINGS....y..../#SYSTEM....(./#TOPICS....O.../#URLSTR....3..F./#URLTBL...._.T./#WINDOWS....2.L./$FIftiMain....[..t./$OBJINST......?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property......./$WWKeywordLinks/..../$WWKeywordLinks/BTree....~..L./$WWKeywordLinks/Data....J.\|./$WWKeywordLinks/Map....F.2./$WWKeywordLinks/Property....x ./docs/..../docs/AHKL_DBGPClients.htm......../docs/ChangeLog.htm...]..../docs/Compat.htm....:.E./docs/Concepts.htm..)..;./docs/FAQ.htm....4..../docs/Functions.htm...n..F./docs/HotkeyFeatures.htm....K.L./docs/Hotkeys.htm......"./docs/Hotstrings.htm...N..6./docs/howto/..../docs/howto/Install.htm..../.A./docs/howto/ManageWindows.htm....&.v./docs/howto/RunExamples.htm....].e./docs/howto/RunPrograms.htm....

C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	979968
Entropy (8bit):	6.478182737646768
Encrypted:	false
SSDEEP:	24576:UnbyRuLHeIj86TTuQbyB3+vETrGNW8NxqxYk:2yKgqEvGNW83qxY
MD5:	8BC086A1CE0B394DE31CD415A3CD0E87
SHA1:	620FBFC0FCE8067A9AF12C0E3267F8C17C658D6A
SHA-256:	05FCAF6F09B9FE4B85887F75183310D34166A0B854CA0907B497808BE7B8F87D
SHA-512:	0F989B2584FDBFDE2EA01DD0AC7FF7C51DA0063AB01C57053DDF15547BA7187F2795D5013BEFF558431FE0DB0A1A0AF991DBC4AF455CD86BA7D4676366104237
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13% Antivirus: Virustotal, Detection: 14%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=aS.S2S.S2S.S2..P3].S2F.V3..S2F.W3F.S2F.P3J.S2..W3H.S2..V3..S2..U3R.S2..R3r.S2S.R2..S2ekP3R.S2ekZ3..S2ek.2R.S2ekQ3R.S2RichS.S2........PE..L......e...............%.h..........9.............@..........................P................@.............................l...T.......................................8...........................0...@............................................text....f.......h.................. ..`.rdata..4............l..............@..@.data...4.... ...b..................@....rsrc................n..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	980928
Entropy (8bit):	6.481711676279919
Encrypted:	false
SSDEEP:	24576:enbyRuLHeIj86TTuQbyB3+vETrGNW8NxqxYkbv:IyKgqEvGNW83qxYkj
MD5:	CD4CCFDB6FC234DC22D8F4ED4A0AC711
SHA1:	126A959B2BD451A4F3C257463F8D6F6910A63743
SHA-256:	9DF87A25A94C9BE7278EDFA850283BC44DAE0CBDADB23F056EEC8E0F59B130CD
SHA-512:	CF1693F0CE5B853B736E8A0B1AF2CEB583D63059657DFAF29340036AFDD63CC63C680C6A349C17384DB710DAE17CD3630E8E757395DB8E9EE128A517A42A230E
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=aS.S2S.S2S.S2..P3].S2F.V3..S2F.W3F.S2F.P3J.S2..W3H.S2..V3..S2..U3R.S2..R3r.S2S.R2..S2ekP3R.S2ekZ3..S2ek.2R.S2ekQ3R.S2RichS.S2........PE..L......e...............%.h..........9.............@..........................P......3.........@.............................l...T.......l...............................8...........................0...@............................................text....f.......h.................. ..`.rdata..4............l..............@..@.data...4.... ...b..................@....rsrc...l............n..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1256448
Entropy (8bit):	6.40012168761782
Encrypted:	false
SSDEEP:	24576:Ve1psX+O47m4ffJhxZ4rBcRyMlc/SsVNGgMxCRjU:Vek+bi4ffJhxZ4axcbHGPWj
MD5:	825448610A8213A8408578DF2361D5EB
SHA1:	F43875855E4F02010AD6C755067B813D0FCBE68A
SHA-256:	37FF15A23A98F0A658298E21F1873CA896A05208810BF796F90CA212EE07C7B1
SHA-512:	7556143128878B2E765309DB8B35CC8206D325C0C17C37B191600BD8F719A923B0F917F4C53F0946ED2D12136A9E42774246595EED78F1038779FDCBD3736EEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...kl..kl..kl.. ...\|l..~...El..~...xl..~...bl.. ...rl.. ....l.. ...jl.. ...Jl..kl...m..].il..].)l..].j.jl..].jl..Richkl..........PE..d......e..........#....%.......................@.......................................... ...@.................................................T....@..............................@...8...............................@............................................text...v........................... ..`.rdata..............................@..@.data...............................@....pdata..............."..............@..@_RDATA..\....0......................@..@.rsrc........@......................@..@........................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1257408
Entropy (8bit):	6.402954876354794
Encrypted:	false
SSDEEP:	24576:he1psX+O47m4ffJhxZ4rBcRyMlc/SsVNGgMxCRjq7:hek+bi4ffJhxZ4axcbHGPWjQ
MD5:	E5E06A7E23DC87111BDC2FDEF2DE4D2B
SHA1:	C39651ABB44058E1A38FC1BC00E48BA6F0725C39
SHA-256:	E00A8DB09692D68703D6AD8BD8166ACE00299C9B9963AC4ACC84DA43BD0FE031
SHA-512:	E1DC4F1EA74BB80B4E577B0BD44F346D012810C662EB40A9DA435B7FD3B81DE462007464DBF0602899DF9B91C5B39613304F9A6AC6C2E747E81D8A2B65F4C606
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...kl..kl..kl.. ...\|l..~...El..~...xl..~...bl.. ...rl.. ....l.. ...jl.. ...Jl..kl...m..].il..].)l..].j.jl..].jl..Richkl..........PE..d......e..........#....%.....T.................@.....................................J.... ...@.................................................T....@..l............,..............@...8...............................@............................................text...v........................... ..`.rdata..............................@..@.data...............................@....pdata..............."..............@..@_RDATA..\....0......................@..@.rsrc...l....@......................@..@........................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	979968
Entropy (8bit):	6.479796362686995
Encrypted:	false
SSDEEP:	24576:EnbyRuLHeIj86TTuQbyB3+vETrGNW8NxqxYkbw:myKgqEvGNW83qxYkc
MD5:	79377BC20C7E9C096D4B777D719A75A6
SHA1:	78160D8A501FD2022D8D381FE5FB71FA2AD4E0CC
SHA-256:	3BCC5BF5AB6B5C461A4F299F668DDD9870809C292613657C0972147FFD86CA2F
SHA-512:	007CC7EE25FD6E0EB44DDC2174BFF94DA29172621DBA782069B90272572EF343830376F15920B3E866452D5D71640649E43EBB053994A644A6B24829F2DCD958
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11% Antivirus: Virustotal, Detection: 6%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=aS.S2S.S2S.S2..P3].S2F.V3..S2F.W3F.S2F.P3J.S2..W3H.S2..V3..S2..U3R.S2..R3r.S2S.R2..S2ekP3R.S2ekZ3..S2ek.2R.S2ekQ3R.S2RichS.S2........PE..L......e...............%.h..........9.............@..........................P................@.............................l...T.......l...............................8...........................0...@............................................text....f.......h.................. ..`.rdata..4............l..............@..@.data...4.... ...b..................@....rsrc...l............n..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1256448
Entropy (8bit):	6.401460579017051
Encrypted:	false
SSDEEP:	24576:Xe1psX+O47m4ffJhxZ4rBcRyMlc/SsVNGgMxCRjqw:Xek+bi4ffJhxZ4axcbHGPWj/
MD5:	D076D3618CC8722414C207822B4A9AD2
SHA1:	3B31C4BA63C4A631F1851CCCD4C760E1A2F217FC
SHA-256:	6F31115338D91FCEE584313B81405A7B9560A866B52934C9A5F67F6B6E294C0A
SHA-512:	41E838B97A2AFEE080FB1F9E99A82A3AE344833F62FFAFD96D015AAA2CA0BEFA2194802E449FB2B85228FCDBDDB79E0E3A9D22824509565BCB6E9E44B85A8E8A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...kl..kl..kl.. ...\|l..~...El..~...xl..~...bl.. ...rl.. ....l.. ...jl.. ...Jl..kl...m..].il..].)l..].j.jl..].jl..Richkl..........PE..d......e..........#....%.....T.................@.......................................... ...@.................................................T....@..l...........................@...8...............................@............................................text...v........................... ..`.rdata..............................@..@.data...............................@....pdata..............."..............@..@_RDATA..\....0......................@..@.rsrc...l....@......................@..@........................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Fri Mar 29 05:49:19 2024, mtime=Fri Mar 29 05:49:19 2024, atime=Fri Mar 29 05:49:19 2024, length=1256448, window=hide
Category:	dropped
Size (bytes):	1352
Entropy (8bit):	4.419952565562458
Encrypted:	false
SSDEEP:	24:8BZ5edXBqUdcKK6IAEkzdGx65dGyqzn2gdGx6jMqdGQHa9m:8FedXBPcuvEIdj5dWhdjjMqdh8
MD5:	53D9C0FF0F0184EA309047BD3ACF03AF
SHA1:	5E0DB8742F6C00AA67E4C1ACED7E8F47B7CE07F1
SHA-256:	26D1746DEFE4A4FE019B7768754104B29937668F6C4F08306E2A33DC43012BFF
SHA-512:	41091E87C94B19D62049E6282A195C431034DFD18C0D5432F29F37B0D3488DD2E18979EEB9015B513E7E12ED945A26EE51A2036DF10A1538135F58263E9A3246
Malicious:	false
Preview:	L..................F.... ......9.......9....dR`9.....,...........................P.O. .:i.....+00.../C:\.....................1.....}X6..PROGRA~1..t......O.I}X6....B...............J.....?.n.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....^.1.....}X6..AUTOHO~1..F......}X6}X6............................ .A.u.t.o.H.o.t.k.e.y.....H.1.....}X+6..UX..6......}X6}X+6.....:.....................s..U.X.....n.2..,..}X6 .AUTOHO~1.EXE..R......}X6}X*6.....:......................j.A.u.t.o.H.o.t.k.e.y.U.X...e.x.e.......^...............-.......]...........+.......C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe....A.u.t.o.H.o.t.k.e.y. .D.a.s.h.;.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.u.t.o.H.o.t.k.e.y.\.U.X.\.A.u.t.o.H.o.t.k.e.y.U.X...e.x.e.,.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.u.t.o.H.o.t.k.e.y.\.U.X.\.u.i.-.d.a.s.h...a.h.k.".`.......X.......648351...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......w.......2...1SPSU(L.y.9K...

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Fri Mar 29 05:49:19 2024, mtime=Fri Mar 29 05:49:20 2024, atime=Fri Mar 29 05:49:19 2024, length=1256448, window=hide
Category:	dropped
Size (bytes):	2242
Entropy (8bit):	3.4564238366552735
Encrypted:	false
SSDEEP:	24:8B35edIB9U/cKK6IAul+QmdGx67dGXYdGulJTfdGtzn2gdGx6jMqdGQRqam:8LedIBQcuvpdj7dJd/bd2hdjjMqdhT
MD5:	0FF93EFE693FBA7FF2043B9D4395DD87
SHA1:	C1547E3C51DC305CBBEBBFF1C40958A6D53682F9
SHA-256:	28EAEF08F47C2C30A72D5012899687DF78D046F636C0554EE88800B8D13DE9CD
SHA-512:	0213953898235C716BBAD9004C09C69D69C770C87C9DC62E9385032C717982DA5BD5AE20CE9EFC4917A812886143BBEA002C75493E72DCDDFFEFC1F6BBB0882D
Malicious:	false
Preview:	L..................F.@.. ......9......]:....dR`9.....,...........................P.O. .:i.....+00.../C:\.....................1.....}X6..PROGRA~1..t......O.I}X6....B...............J.....?.n.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....^.1.....}X+6..AUTOHO~1..F......}X6}X+6..........................-...A.u.t.o.H.o.t.k.e.y.....H.1.....}X+6..UX..6......}X6}X+6.....:....................-...U.X.....n.2..,..}X6 .AUTOHO~1.EXE..R......}X6}X6.....:......................j.A.u.t.o.H.o.t.k.e.y.U.X...e.x.e.......^...............-.......]...........+.......C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe....A.u.t.o.H.o.t.k.e.y. .W.i.n.d.o.w. .S.p.y.;.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.u.t.o.H.o.t.k.e.y.\.U.X.\.A.u.t.o.H.o.t.k.e.y.U.X...e.x.e...".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.u.t.o.H.o.t.k.e.y.\.U.X.\.W.i.n.d.o.w.S.p.y...a.h.k."..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.u.t.o.H.o.t.k.e.y.\.U.X.\.i.n.c.\.s.p.y...i.c.o.........%SystemDrive%

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\f213bf5a8af890680781f9b7261613ea_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
File Type:	data
Category:	dropped
Size (bytes):	1455
Entropy (8bit):	7.3535713107261635
Encrypted:	false
SSDEEP:	24:EYtM+4csoUsIBW/Z4wi/HK/+L0mdiEIzDnGIuBbJh8Mz5c0PHXzvi1d:DtMXoUE/jR+LFdiEYAf8M57vzviL
MD5:	520A526E7032579C26E3A593ADFE9253
SHA1:	7A2C59B611FDAA4AE33CF7FD53E97FB47F1F7B75
SHA-256:	F4DCFC1A2F4EA507BC4E9E955F2E645FBF82826FBAE9CB595098B0334908E4AA
SHA-512:	620CB0BAAFD0E5E68158BFA3A35EF4A85E23226A8F3A1D1D8024E9F7E632C58EC6EF3A786729B5CF389F3036E9F08CA90BEFB25023DB0840F7895D249123CF2C
Malicious:	false
Preview:	........................................AutoHotkey.....................RSA1................Y...=.h.L.8...V... ..0H.T.:..T)X...6.}dK........&K46..GE..8.!...h.0q............G.5YN..Tr.(..9.'.%M.a.gu.s...3..........................z..O....../..X..E@...I.......,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ......I....+..\..n.Dc.0.<..WL.\|n.G............ ....V$...f.s....`]G.Q:.vR<...Q.....f...."....'...e.....Z.....$`..\....q...3[H.l...j('._.^7.q..B6.8...V.w}...m5.....9..$.!....l.ys(..G........]....o....1.D...#h...=...O...N.A.\|...Z..3....W.r?.Z.b...s.....9.[..t..7...n.........7...Xt....3.R.`....~....{..y..".%..w%...../>=.<...$K.$.'....s.;\|..J..O..z...}%..../........e.0RRv.f~.......&..\|.8...<M.. #..6..`k@..mm..Q..[:........3...f.is.1...V....&...XV.7....w......v".U..\|_..K....\rq...D.....l}.O...!...'...=...v.e..o].........8Wk..Xiyq..\|..0ZA.p.f..e._s.......F._....\.q=.Z8.... N..S....9.]..+...._].....X.Y_.K...<....Hw1{.P.(...q...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):	7.997747867212412
TrID:	Win32 Executable (generic) a (10002005/4) 99.66% UPX compressed Win32 Executable (30571/9) 0.30% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	AutoHotkey_2.0.12_setup.exe
File size:	3'000'320 bytes
MD5:	2cdbe2b76a36b976e9980fb4733f1052
SHA1:	64bbb4dbeed8639b272a73c2cad0f9155f42115d
SHA256:	4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26
SHA512:	cec27f241f62d49c639cffdd7be4e56c49de3bdeabbdb7337b24a054361ae3412e72e48e182a7c18b76b611f605365cc02e4b0d1cdca201cb356e38b6fd78330
SSDEEP:	49152:B9AaYh1cvoIPqovmRIsOuFEGTUFu1G1Vn/2SGR4mq08hc9pdgWaU6SjwryAA+iI3:f/YmoI5F/VG02pLq0JgHUyryAXiI5A5w
TLSH:	82D533E0C3D8A607CAA8607D8E7C5F0E65155CEB0DA51AAB3C5E640F27A3AD40D93D37
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=aS.S2S.S2S.S2..P3].S2F.V3..S2F.W3F.S2F.P3J.S2..W3H.S2..V3..S2..U3R.S2..R3r.S2S.R2..S2ekP3R.S2ekZ3..S2ek.2R.S2ekQ3R.S2RichS.S

File Icon


Icon Hash:	4bccccc4cccc4c31

Static PE Info

General

Entrypoint:	0x938540
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x65FE1D9E [Sat Mar 23 00:09:02 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	19b08bc2a65da9d884b37c9dc279aaca

Entrypoint Preview

Instruction
pushad
mov esi, 00666000h
lea edi, dword ptr [esi-00265000h]
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00003E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007F00318C23EDh
inc esi
inc esi
push ebx
push 00536F33h
push edi
add ebx, 04h
push ebx
push 002D2535h
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00020003h
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+54h], 00000001h
mov dword ptr [esp+50h], 00000001h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x542cd8	0x3a0	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53a000	0x8cd8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5390e4	0xc0	UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x265000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0x266000	0x2d4000	0x2d3200	ebe8dc4e178259bd4212f753c709ae11	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53a000	0xa000	0x9200	62d44d45fec671a1850096a9980ab238	False	0.4153735017123288	data	6.160837595208632	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x53b434	0x244	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.0189655172413794
RT_ICON	0x53b67c	0x197	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0221130221130221
RT_ICON	0x53b818	0x1d1	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced	English	United States	1.0236559139784946
RT_ICON	0x53b9f0	0x229	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0198915009041591
RT_ICON	0x53bc20	0x26f	PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.0176565008025682
RT_ICON	0x53be94	0x322	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.013715710723192
RT_ICON	0x53c1bc	0x3ab	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	English	United States	1.0117145899893503
RT_ICON	0x53c56c	0x413	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.0105465004793863
RT_ICON	0x53c984	0x26b	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.0177705977382876
RT_ICON	0x53cbf4	0x19b	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0170316301703164
RT_ICON	0x53cd94	0x1d8	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced	English	United States	1.0233050847457628
RT_ICON	0x53cf70	0x22a	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.01985559566787
RT_ICON	0x53d1a0	0x252	PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.0185185185185186
RT_ICON	0x53d3f8	0x16e	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.005464480874317
RT_ICON	0x53d56c	0x1b0	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced	English	United States	1.0208333333333333
RT_ICON	0x53d720	0x1ed	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0223123732251522
RT_ICON	0x53d914	0x22a	PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.01985559566787
RT_ICON	0x53db44	0x203	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.021359223300971
RT_ICON	0x53dd4c	0x163	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.008450704225352
RT_ICON	0x53deb4	0x19f	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced	English	United States	1.0192771084337349
RT_ICON	0x53e058	0x1d6	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.023404255319149
RT_ICON	0x53e234	0x20f	PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.0208728652751422
RT_ICON	0x53e448	0x1f0	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.0181451612903225
RT_ICON	0x53e63c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.22396810506566603
RT_ICON	0x53f6e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.15228215767634853
RT_ICON	0x541c94	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.40425531914893614
RT_ICON	0x542100	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.43548387096774194
RT_MENU	0xf437c	0x2c8	empty	English	United States	0
RT_DIALOG	0xf4644	0xe0	empty	English	United States	0
RT_DIALOG	0xf4724	0x18e	empty	English	United States	0
RT_ACCELERATOR	0xf48b4	0x48	empty	English	United States	0
RT_RCDATA	0xf48fc	0x1e89c0	empty	English	United States	0
RT_RCDATA	0x2dd2bc	0xef400	data	English	United States	1.000312255094044
RT_RCDATA	0x3cc6bc	0x132c00	data	English	United States	1.0003108978271484
RT_RCDATA	0x4ff2bc	0x42	data	English	United States	1.1666666666666667
RT_RCDATA	0x4ff300	0x46c8	data	English	United States	1.0008830022075055
RT_RCDATA	0x5039c8	0x8e	data	English	United States	1.0774647887323943
RT_RCDATA	0x503a58	0x160	data	English	United States	1.03125
RT_RCDATA	0x503bb8	0x2b0	data	English	United States	1.0159883720930232
RT_RCDATA	0x503e68	0x1ad	data	English	United States	1.0256410256410255
RT_RCDATA	0x504018	0x62a	data	English	United States	1.0069708491761724
RT_RCDATA	0x504644	0x29ee	data	English	United States	1.0010247810694988
RT_RCDATA	0x507034	0x34c	data	English	United States	1.0130331753554502
RT_RCDATA	0x507380	0x980	data	English	United States	1.0045230263157894
RT_RCDATA	0x507d00	0x429	OpenPGP Public Key	English	United States	1.0103286384976526
RT_RCDATA	0x50812c	0xfb2	data	English	United States	1.0027376804380288
RT_RCDATA	0x5090e0	0xa35	data	English	United States	1.004209720627631
RT_RCDATA	0x509b18	0xb6	data	English	United States	1.0604395604395604
RT_RCDATA	0x509bd0	0x1a4	data	English	United States	1.026190476190476
RT_RCDATA	0x509d74	0x10d6	data	English	United States	1.0025522041763342
RT_RCDATA	0x50ae4c	0x138c	data	English	United States	1.0021982414068744
RT_RCDATA	0x50c1d8	0x6a1	data	English	United States	1.0064820271066588
RT_RCDATA	0x50c87c	0x1042	data	English	United States	1.0026429601153293
RT_RCDATA	0x50d8c0	0x9c0c	data	English	United States	1.0005256833884049
RT_RCDATA	0x5174cc	0x46bd	data	English	United States	1.0008835385719808
RT_RCDATA	0x51bb8c	0x22c	data	English	United States	1.0197841726618706
RT_RCDATA	0x51bdb8	0x884	data	English	United States	1.005045871559633
RT_RCDATA	0x51c63c	0x5d	data	English	United States	1.118279569892473
RT_RCDATA	0x51c69c	0x1b38	data	English	United States	1.0015786452353617
RT_RCDATA	0x51e1d4	0x2189	data	English	United States	1.0012813046010482
RT_RCDATA	0x520360	0x2061	data	English	United States	1.0013270599589819
RT_RCDATA	0x5223c4	0x287d	data	English	United States	1.0010612638687892
RT_RCDATA	0x524c44	0x1c9d	data	English	United States	1.0015017064846417
RT_RCDATA	0x5268e4	0x907	data	English	United States	1.00475984422328
RT_RCDATA	0x5271ec	0x1fea	data	English	United States	1.001346389228886
RT_RCDATA	0x5291d8	0x39	data	English	United States	1.1929824561403508
RT_RCDATA	0x529214	0xc09c	data	English	United States	1.0005272978015738
RT_GROUP_ICON	0x5423ec	0x76	data	English	United States	0.7372881355932204
RT_GROUP_ICON	0x542468	0x3e	data	English	United States	0.8870967741935484
RT_GROUP_ICON	0x5424ac	0x4c	data	English	United States	0.8157894736842105
RT_GROUP_ICON	0x5424fc	0x4c	data	English	United States	0.7763157894736842
RT_GROUP_ICON	0x54254c	0x4c	data	English	United States	0.8026315789473685
RT_VERSION	0x54259c	0x21c	data	English	United States	0.4981481481481482
RT_MANIFEST	0x5427bc	0x519	ASCII text, with very long lines (1305), with no line terminators	English	United States	0.47662835249042146

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey
COMCTL32.dll	ImageList_Create
dwmapi.dll	DwmGetWindowAttribute
GDI32.dll	BitBlt
KERNEL32.DLL	LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
ole32.dll	CoGetObject
OLEAUT32.dll	SafeArrayGetUBound
PSAPI.DLL	GetProcessImageFileNameW
SHELL32.dll	DragFinish
SHLWAPI.dll	StrCmpLogicalW
USER32.dll	GetDC
UxTheme.dll	IsAppThemed
VERSION.dll	VerQueryValueW
WININET.dll	InternetOpenW
WINMM.dll	joyGetPosEx
WSOCK32.dll	WSAStartup

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	07:49:14
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe"
Imagebase:	0x400000
File size:	3'000'320 bytes
MD5 hash:	2CDBE2B76A36B976E9980FB4733F1052
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:49:18
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"
Imagebase:	0x400000
File size:	3'000'320 bytes
MD5 hash:	2CDBE2B76A36B976E9980FB4733F1052
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:49:21
Start date:	29/03/2024
Path:	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
Imagebase:	0x140000000
File size:	1'256'448 bytes
MD5 hash:	825448610A8213A8408578DF2361D5EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 0%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:49:21
Start date:	29/03/2024
Path:	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
Imagebase:	0x140000000
File size:	1'256'448 bytes
MD5 hash:	825448610A8213A8408578DF2361D5EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00E3964B Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000003.1674958594.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, Offset: 00E35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_3_e35000_AutoHotkey_2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6508d5d8938dfecc63779bd108fd68c184e321fb6e63e073397d980790b23ec
Instruction ID: b4fca4e1d5739aa9eddfdbbcd211369fdb09fbb1a5fbd71d10a5b442b5a0ed5e
Opcode Fuzzy Hash: e6508d5d8938dfecc63779bd108fd68c184e321fb6e63e073397d980790b23ec
Instruction Fuzzy Hash: 5822979284E3C15FC7038B704D7A5947F706E63214B0E86DFC8C69F4A3E68A590AD762

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AutoHotkeyUX.exePID: 6760, Parent PID: 6576COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.8%
Total number of Nodes:	1214
Total number of Limit Nodes:	26

Executed Functions

Function 000000014004C8F0 Relevance: 86.8, APIs: 8, Strings: 41, Instructions: 1014libraryCOMMON

Download Yara Rule

APIs

SetDllDirectoryW.KERNEL32 ref: 000000014004CA3D
GetFileAttributesW.KERNEL32 ref: 000000014004CB03
SetDllDirectoryW.KERNEL32 ref: 000000014004CB15
LoadLibraryW.KERNEL32 ref: 000000014004CB50
GetModuleHandleExW.KERNEL32 ref: 000000014004CB6F

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

Strings

64-bit, xrefs: 000000014004D561
#NoTrayIcon, xrefs: 000000014004CBA1
#Include, xrefs: 000000014004C9E8
#UseHook, xrefs: 000000014004CC81
Ignore, xrefs: 000000014004CC20
#IncludeAgain, xrefs: 000000014004CA02
False, xrefs: 000000014004CCBD, 000000014004D180, 000000014004D251
#Requires, xrefs: 000000014004D515
#SuspendExempt, xrefs: 000000014004D215
Parameter #1 invalid., xrefs: 000000014004D35A, 000000014004D475, 000000014004D6EA
, xrefs: 000000014004C90C
#ClipboardTimeout, xrefs: 000000014004D29A
An internal function call failed., xrefs: 000000014004CA55, 000000014004CB37
#DllLoad, xrefs: 000000014004CA1F
#InputLevel, xrefs: 000000014004D36E
#MaxThreadsPerHotkey, xrefs: 000000014004D0F8
Off, xrefs: 000000014004CC47
True, xrefs: 000000014004CC9E, 000000014004D161, 000000014004D232
Out of memory., xrefs: 000000014004CDCC, 000000014004CF0C
This script requires %s.Current interpreter: %s v%s %s%s, xrefs: 000000014004D637
Prompt, xrefs: 000000014004CBF8
Parameter #2 invalid., xrefs: 000000014004D4C2
#Warn, xrefs: 000000014004D3B2
#Hotstring, xrefs: 000000014004CF6F
-()[]{}:;'"/\,.?! , xrefs: 000000014004D004, 000000014004D019
EndChars, xrefs: 000000014004CF8F
Parameter #1 required, xrefs: 000000014004D53B, 000000014004D694
Force, xrefs: 000000014004CBE5
#WinActivateForce, xrefs: 000000014004D2CE
#MaxThreads, xrefs: 000000014004D1C9
#MaxThreadsBuffer, xrefs: 000000014004D144
#HotIfTimeout, xrefs: 000000014004CF3B
Script library not found., xrefs: 000000014004D7E4
2.0.12, xrefs: 000000014004D568
AutoHotkey, xrefs: 000000014004D552, 000000014004D64C
NoMouse, xrefs: 000000014004D035
Invalid usage., xrefs: 000000014004CF2A
#SingleInstance, xrefs: 000000014004CBC5
Failed to load DLL., xrefs: 000000014004CB88
#HotIf, xrefs: 000000014004CD06
#ErrorStdOut, xrefs: 000000014004D2F2

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Directory$AttributesFileHandleLibraryLoadModule_invalid_parameter_noinfo
String ID: $#ClipboardTimeout$#DllLoad$#ErrorStdOut$#HotIf$#HotIfTimeout$#Hotstring$#Include$#IncludeAgain$#InputLevel$#MaxThreads$#MaxThreadsBuffer$#MaxThreadsPerHotkey$#NoTrayIcon$#Requires$#SingleInstance$#SuspendExempt$#UseHook$#Warn$#WinActivateForce$-()[]{}:;'"/\,.?! $2.0.12$64-bit$An internal function call failed.$AutoHotkey$EndChars$Failed to load DLL.$False$Force$Ignore$Invalid usage.$NoMouse$Off$Out of memory.$Parameter #1 invalid.$Parameter #1 required$Parameter #2 invalid.$Prompt$Script library not found.$This script requires %s.Current interpreter: %s v%s %s%s$True
API String ID: 929950356-295339018
Opcode ID: bcacad47c493cd0898b87b46b3b26d4b111d29f6581e7cc20806e376e54685db
Instruction ID: 1991b585c3875c1518d9f1be416728aa9f7507a387a0b9e0f1809bd83cc56d09
Opcode Fuzzy Hash: bcacad47c493cd0898b87b46b3b26d4b111d29f6581e7cc20806e376e54685db
Instruction Fuzzy Hash: 2C92CE75200641A1FB67AB17A9503FA33A1AB4DBC4F868036FF4A476F5EB38C945D309

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400485B0 Relevance: 79.4, APIs: 4, Strings: 40, Instructions: 2379COMMON

Download Yara Rule

Strings

Not a valid method, class or property definition., xrefs: 000000014004A812, 000000014004A838, 000000014004A89A, 000000014004A8A9
%s up, xrefs: 00000001400492AE
AltTabAndMenu, xrefs: 00000001400494A6
This hotstring is missing its abbreviation., xrefs: 000000014004A1EE, 000000014004A215, 000000014004A256, 000000014004A26D
Default, xrefs: 00000001400498F1
Note: The hotkey %s will not be active because it does not exist in the current keyboard layout., xrefs: 0000000140049629
!#^+, xrefs: 000000014004917D
SetMouseDelay, xrefs: 000000014004912B
{RCtrl up}, xrefs: 0000000140049208
Duplicate hotkey., xrefs: 0000000140049F81, 0000000140049F98
& , xrefs: 0000000140048F52
Hotkey or hotstring is missing its opening brace., xrefs: 00000001400495CA, 0000000140049749, 0000000140049E7F, 0000000140049EB4, 0000000140049F16, 0000000140049F30, 000000014004A0D3, 000000014004A13D, 000000014004A151, 000000014004A16A, 000000014004A18F, 000000014004A39E, 000000014004A3C5, 000000014004A3FC
SetKeyDelay, xrefs: 0000000140049121
Send("{Blind%s}%s%s{%s DownR}"), xrefs: 000000014004922E
Pause, xrefs: 000000014004909D
Static, xrefs: 0000000140049C1D
Prototype, xrefs: 0000000140048B61
!GetKeyState("%s")&&, xrefs: 0000000140049163
AltTabMenu, xrefs: 0000000140049489
Out of memory. The current thread will exit., xrefs: 000000014004ACA4
This line does not contain a recognized action., xrefs: 000000014004A71E, 000000014004A744, 000000014004A7A6, 000000014004A7B5
%s%s%s, xrefs: 0000000140049014
Missing "}", xrefs: 000000014004A9B7, 000000014004AA88, 000000014004AAAE, 000000014004AB10, 000000014004AB1F
Out of memory., xrefs: 000000014004A01B, 000000014004A08F, 000000014004A0A6, 000000014004ABF8, 000000014004AC2D, 000000014004ACD9, 000000014004ACEA
Get, xrefs: 0000000140049B33
AltTab, xrefs: 0000000140049452
Class, xrefs: 0000000140049982
{LCtrl up}, xrefs: 0000000140049211
Functions cannot contain classes., xrefs: 000000014004A54E, 000000014004A575, 000000014004A5B6, 000000014004A5CD
%s(-1),Send("{Blind}{%s Up}"), xrefs: 0000000140049328
AltTabMenuDismiss, xrefs: 00000001400494C3
<>=/|^,?:*&~!()[]{}%+-."', xrefs: 00000001400499C6
Not a valid property getter/setter., xrefs: 000000014004A62A, 000000014004A650, 000000014004A6B2, 000000014004A6C1
ShiftAltTab, xrefs: 000000014004946C
%s(-1),, xrefs: 0000000140049139
Unexpected "{", xrefs: 000000014004A8FE, 000000014004A927, 000000014004A963, 000000014004A97C
Hotkeys/hotstrings are not allowed inside functions or classes., xrefs: 000000014004A2CF, 000000014004A2F3, 000000014004A334, 000000014004A34B
#HotIf, xrefs: 0000000140048A5C
Missing "{", xrefs: 000000014004A45E, 000000014004A484, 000000014004A4E6, 000000014004A4F5
Set, xrefs: 0000000140049B4E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: <>=/|^,?:*&~!()[]{}%+-."'$ & $!#^+$!GetKeyState("%s")&&$#HotIf$%s up$%s%s%s$%s(-1),$%s(-1),Send("{Blind}{%s Up}")$AltTab$AltTabAndMenu$AltTabMenu$AltTabMenuDismiss$Class$Default$Duplicate hotkey.$Functions cannot contain classes.$Get$Hotkey or hotstring is missing its opening brace.$Hotkeys/hotstrings are not allowed inside functions or classes.$Missing "{"$Missing "}"$Not a valid method, class or property definition.$Not a valid property getter/setter.$Note: The hotkey %s will not be active because it does not exist in the current keyboard layout.$Out of memory.$Out of memory. The current thread will exit.$Pause$Prototype$Send("{Blind%s}%s%s{%s DownR}")$Set$SetKeyDelay$SetMouseDelay$ShiftAltTab$Static$This hotstring is missing its abbreviation.$This line does not contain a recognized action.$Unexpected "{"${LCtrl up}${RCtrl up}
API String ID: 0-3398015377
Opcode ID: 35241ffc1939e852beca7e42608ad04908f9a60bcc7ffa52e8df467c16ede667
Instruction ID: c80eb8b76e53a665eae6f8af3fa5cf49b7cf587dbe334096f640d2a71abe110b
Opcode Fuzzy Hash: 35241ffc1939e852beca7e42608ad04908f9a60bcc7ffa52e8df467c16ede667
Instruction Fuzzy Hash: 2133AA7260468485FB62DB67A5407EA27A1FB4DBC8F464036FF8907AF9DB78C945C308

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400462B0 Relevance: 56.2, APIs: 26, Strings: 6, Instructions: 246
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000014009E980: LoadLibraryExW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009E9B7
Part of subcall function 000000014009E980: FindResourceW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA3C
Part of subcall function 000000014009E980: LoadResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA51
Part of subcall function 000000014009E980: LockResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA63
Part of subcall function 000000014009E980: GetSystemMetrics.USER32 ref: 000000014009EA84
Part of subcall function 000000014009E980: FindResourceW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB09
Part of subcall function 000000014009E980: LoadResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB1D

GetSystemMetrics.USER32 ref: 0000000140046343

Part of subcall function 000000014009E980: EnumResourceNamesW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA1F
Part of subcall function 000000014009E980: LockResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB2B
Part of subcall function 000000014009E980: SizeofResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB3F
Part of subcall function 000000014009E980: CreateIconFromResourceEx.USER32 ref: 000000014009EB62

LoadCursorW.USER32 ref: 0000000140046385
RegisterClassExW.USER32 ref: 00000001400463AC
GetForegroundWindow.USER32 ref: 00000001400463C3
GetClassNameW.USER32 ref: 00000001400463DF
SystemParametersInfoW.USER32 ref: 0000000140046416
CreateWindowExW.USER32 ref: 000000014004649A
GetMenu.USER32 ref: 00000001400464EF
EnableMenuItem.USER32 ref: 0000000140046506
EnableMenuItem.USER32 ref: 0000000140046523
EnableMenuItem.USER32 ref: 0000000140046537
EnableMenuItem.USER32 ref: 000000014004654B
EnableMenuItem.USER32 ref: 000000014004655F

Strings

Consolas, xrefs: 00000001400465F0
Shell_TrayWnd, xrefs: 00000001400463E9
RegClass, xrefs: 00000001400463B7
AutoHotkey, xrefs: 00000001400462F8
CreateWindow, xrefs: 0000000140046702
Edit, xrefs: 00000001400465A4

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Resource$Menu$EnableItem$Load$System$ClassCreateFindLockMetricsWindow$CursorEnumForegroundFromIconInfoLibraryNameNamesParametersRegisterSizeof
String ID: AutoHotkey$Consolas$CreateWindow$Edit$RegClass$Shell_TrayWnd
API String ID: 733243997-3694373331
Opcode ID: 60c5484ce5775ca2fbf19e0d0dbc98147a3a6a563503ef9be8756f857963125e
Instruction ID: 6475c53defba19de3d7059dc77b75882bffed2b9c63eb8790c744d3e07964ad7
Opcode Fuzzy Hash: 60c5484ce5775ca2fbf19e0d0dbc98147a3a6a563503ef9be8756f857963125e
Instruction Fuzzy Hash: E4C16F72604B8086E762DF26F8547AA77A2FB8CB90F544129EB8A47B74DF39C445CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140045A80 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 212
windowcomclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

UnhookWindowsHookEx.USER32 ref: 0000000140045AB5
UnregisterHotKey.USER32 ref: 0000000140045B01
Shell_NotifyIconW.SHELL32 ref: 0000000140045B6C
RemoveClipboardFormatListener.USER32 ref: 0000000140045B8B
DestroyWindow.USER32 ref: 0000000140045BA6
DeleteObject.GDI32 ref: 0000000140045BF1
DestroyIcon.USER32 ref: 0000000140045C13
DestroyIcon.USER32 ref: 0000000140045C20
RemoveMenu.USER32 ref: 0000000140045C51
DestroyMenu.USER32 ref: 0000000140045C64

Part of subcall function 000000014008ACC0: RemoveMenu.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,0000000140045C76), ref: 000000014008AD02
Part of subcall function 000000014008ACC0: SetMenuItemInfoW.USER32 ref: 000000014008AD3F
Part of subcall function 000000014008ACC0: DeleteObject.GDI32 ref: 000000014008AD49

DeleteObject.GDI32 ref: 0000000140045C7F
IsWindow.USER32 ref: 0000000140045CA8
DestroyWindow.USER32 ref: 0000000140045CB5
mciSendStringW.WINMM ref: 0000000140045CE3
mciSendStringW.WINMM ref: 0000000140045D00
DeleteCriticalSection.KERNEL32 ref: 0000000140045D0D
OleUninitialize.OLE32 ref: 0000000140045D13

Strings

close AHK_PlayMe, xrefs: 0000000140045CF9
status AHK_PlayMe mode, xrefs: 0000000140045CDC

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Destroy$DeleteMenu$IconObjectRemoveWindow$SendString$ClipboardCriticalFormatHookInfoItemListenerNotifySectionShell_UnhookUninitializeUnregisterWindows
String ID: close AHK_PlayMe$status AHK_PlayMe mode
API String ID: 1504401695-1474590089
Opcode ID: 03d74eb78b3e7f3522c10f87242200a8b1b4fe20afee92979267be5ddf5f4508
Instruction ID: 89fb53ecffa7ac3b92ee77e636b00497143523e32b7a7474fa0bb93b66461368
Opcode Fuzzy Hash: 03d74eb78b3e7f3522c10f87242200a8b1b4fe20afee92979267be5ddf5f4508
Instruction Fuzzy Hash: 6AA17C71301A8086EB66AF23E8847E923A1FB4CFC5F098129EB4A57776DF38C841C754

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140047FE4 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#Include, xrefs: 00000001400484AA
%s file "%s" cannot be opened., xrefs: 00000001400484BF
Script, xrefs: 00000001400484B8
Out of memory., xrefs: 00000001400480AB
*#2, xrefs: 00000001400483C1
Too many includes., xrefs: 000000014004805B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: #Include$%s file "%s" cannot be opened.$*#2$Out of memory.$Script$Too many includes.
API String ID: 0-3189951223
Opcode ID: 25f58abcf70877d0393e6d7fe61fabe6833a0ce33ad76f4ee644de108c0889b3
Instruction ID: 071d7d19930db8cf6a1b97dbbb6062903cf83215d0a502699230673e9709ca69
Opcode Fuzzy Hash: 25f58abcf70877d0393e6d7fe61fabe6833a0ce33ad76f4ee644de108c0889b3
Instruction Fuzzy Hash: 6EE1CD71201B8186EB729F12E9547ED63A4FB4CBC4F46483AEF4A07AB5EB78C545C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140048F27 Relevance: 24.9, APIs: 2, Strings: 12, Instructions: 369COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 0000000140048F36
IsCharUpperW.USER32 ref: 0000000140048FD3

Strings

!#^+, xrefs: 000000014004917D
%s up, xrefs: 00000001400492AE
%s(-1),Send("{Blind}{%s Up}"), xrefs: 0000000140049328
%s%s%s, xrefs: 0000000140049014
{RCtrl up}, xrefs: 0000000140049208
SetMouseDelay, xrefs: 000000014004912B
%s(-1),, xrefs: 0000000140049139
& , xrefs: 0000000140048F52
Send("{Blind%s}%s%s{%s DownR}"), xrefs: 000000014004922E
SetKeyDelay, xrefs: 0000000140049121
Pause, xrefs: 000000014004909D
!GetKeyState("%s")&&, xrefs: 0000000140049163

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CharKeyboardLayoutUpper
String ID: & $!#^+$!GetKeyState("%s")&&$%s up$%s%s%s$%s(-1),$%s(-1),Send("{Blind}{%s Up}")$Pause$Send("{Blind%s}%s%s{%s DownR}")$SetKeyDelay$SetMouseDelay${RCtrl up}
API String ID: 1521781519-2990349010
Opcode ID: a505fd65d52362747c50e748234c228e89114a8adeb066afcacdbe131fd8502e
Instruction ID: bc3f60fe87f896683faf5c12d9819453134d8fd18d66f112445d21b02f982599
Opcode Fuzzy Hash: a505fd65d52362747c50e748234c228e89114a8adeb066afcacdbe131fd8502e
Instruction Fuzzy Hash: 57F1BD72604A9185EB62DB62E4503EE77A1FB497C8F850536FF4A07AB9DB38C505C308

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009D920 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 142
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE ref: 000000014009DA3C
FindClose.KERNELBASE ref: 000000014009DA52
FindFirstFileW.KERNELBASE ref: 000000014009DAD7
FindClose.KERNEL32 ref: 000000014009DAE5

Strings

\, xrefs: 000000014009D9BA
\, xrefs: 000000014009D98A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: \$\
API String ID: 2295610775-164819647
Opcode ID: e73b8370de9c52d677202e87a8e53b8dff247f877d796e0f2042b67aaafdd296
Instruction ID: 3da68db80bccb2b57e221103536c07f3acd12d97c06b99c414afd54245188084
Opcode Fuzzy Hash: e73b8370de9c52d677202e87a8e53b8dff247f877d796e0f2042b67aaafdd296
Instruction Fuzzy Hash: 06519E32715A94D6EB16DF12E4093DA73A5FB48BC4F85C122EB49537A4EF78C64AC340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004B30 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 273
sleepwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindWindowW.USER32 ref: 0000000140004CBC
FindWindowW.USER32 ref: 0000000140004D2B
PostMessageW.USER32 ref: 0000000140004D4F
Sleep.KERNEL32 ref: 0000000140004D5C
IsWindow.USER32 ref: 0000000140004D65
Sleep.KERNEL32 ref: 0000000140004DA1
IsWindow.USER32 ref: 0000000140004DAA
Sleep.KERNEL32 ref: 0000000140004DB9
FindResourceW.KERNELBASE ref: 0000000140004E5A

Strings

*#1, xrefs: 0000000140004E65
A_Args, xrefs: 00000001400050F4, 0000000140005154
d, xrefs: 0000000140004D70
An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta, xrefs: 0000000140004CE5
/restart, xrefs: 0000000140004E9C
AutoHotkey, xrefs: 0000000140004CB5, 0000000140004D24
Could not close the previous instance of this script. Keep waiting?, xrefs: 0000000140004D83

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$FindSleep$MessagePostResource
String ID: *#1$/restart$A_Args$An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta$AutoHotkey$Could not close the previous instance of this script. Keep waiting?$d
API String ID: 4027887910-2453278139
Opcode ID: 7643cd0efcfef7604e2082d1e8aadb2e995d0cd05a43aa146ba4a6acac645d38
Instruction ID: 54ed6987dece338f4776e2d73625c44d2a38d9c5d190a044efed92027d1a3ece
Opcode Fuzzy Hash: 7643cd0efcfef7604e2082d1e8aadb2e995d0cd05a43aa146ba4a6acac645d38
Instruction Fuzzy Hash: 5DC169B1204B8586FB12DF16E8543EA77A1FB88BC4F458229EB49477B6EF78C445CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140060E70 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 263
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterWindowMessageW.USER32 ref: 0000000140060EB1

Strings

TaskbarCreated, xrefs: 0000000140060EA3
9000, xrefs: 0000000140061882
AHK_ATTACH_DEBUGGER, xrefs: 00000001400611FE
D, xrefs: 0000000140060F29

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: 9000$AHK_ATTACH_DEBUGGER$D$TaskbarCreated
API String ID: 1814269913-853869076
Opcode ID: a624705b9db8bf2b896bd8577e0d78edfdd48db9fd4b730aeae411b211e85d5b
Instruction ID: 4ebc5bbcfbca28030c3ab52e73f59fd0d4c871012c7746474e1565f3772997f6
Opcode Fuzzy Hash: a624705b9db8bf2b896bd8577e0d78edfdd48db9fd4b730aeae411b211e85d5b
Instruction Fuzzy Hash: 59C1C37260028086FB63CB27AC503E937A3B78DBD4F68492AEB4D576B1DB38C495D710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009E980 Relevance: 19.7, APIs: 13, Instructions: 171
windowlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009E9B7
EnumResourceNamesW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA1F
FindResourceW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA3C
LoadResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA51
LockResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EA63
GetSystemMetrics.USER32 ref: 000000014009EA84
FindResourceW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB09
LoadResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB1D
LockResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB2B
SizeofResource.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB3F
CreateIconFromResourceEx.USER32 ref: 000000014009EB62
FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,0000000140046339), ref: 000000014009EB9D
ExtractIconW.SHELL32 ref: 000000014009EBC3

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Resource$Load$FindIconLibraryLock$CreateEnumExtractFreeFromMetricsNamesSizeofSystem
String ID:
API String ID: 766211583-0
Opcode ID: 634d3ad30fd8c1ba5778364d75b1d6f66767c1cd8bef2732322fd43d425cc5ba
Instruction ID: b0e8d27c0cec4f20f709b46babda9b7ccb174eb451a15dd575d6ff077e1abdb3
Opcode Fuzzy Hash: 634d3ad30fd8c1ba5778364d75b1d6f66767c1cd8bef2732322fd43d425cc5ba
Instruction Fuzzy Hash: D351AC71306A9085EB669F17A5903BB63A1BB4CFD0F588029FF4B57BA4DB3CD8469700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005AD39 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 464windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Strings

I, xrefs: 000000014005AEF8
Out of memory., xrefs: 000000014005AE4B
I, xrefs: 000000014005B10D
Parameter #2 invalid., xrefs: 000000014005AF20
String, xrefs: 000000014005AFC8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID: I$I$Out of memory.$Parameter #2 invalid.$String
API String ID: 4145102785-4155359328
Opcode ID: e426187927252d3bfd61b6de8c15d4f607ed7e4c3f068af3a79941f98d5d4e7c
Instruction ID: 8715b352e98104ab6c45b0e643c6807df1a6a02983556ad471a07c49402b7772
Opcode Fuzzy Hash: e426187927252d3bfd61b6de8c15d4f607ed7e4c3f068af3a79941f98d5d4e7c
Instruction Fuzzy Hash: 2D228872601B80CAFB62CF66E8547EE37A5F749BC8F544125EB4A47AB5DB3AD480C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400478F2 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE ref: 00000001400478F5
SetDllDirectoryW.KERNEL32 ref: 0000000140047A26
SetCurrentDirectoryW.KERNEL32 ref: 0000000140047C36

Strings

Script file not found., xrefs: 000000014004790D, 0000000140047960
Unknown class., xrefs: 0000000140047BE9, 0000000140047C11
Line, xrefs: 0000000140047B60
%s%s, xrefs: 0000000140047919
An internal function call failed., xrefs: 0000000140047A3E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Directory$AttributesCurrentFile
String ID: %s%s$An internal function call failed.$Line$Script file not found.$Unknown class.
API String ID: 3162783167-1827641252
Opcode ID: 715239dba67184b5a1cb22597ef0554ffa9bedbfe9708fe999cda1de76f3e97b
Instruction ID: 582ea48f4903573bb8d5fc8dcea2a987374cf8de2f7c4cc262f6635a70a36d1b
Opcode Fuzzy Hash: 715239dba67184b5a1cb22597ef0554ffa9bedbfe9708fe999cda1de76f3e97b
Instruction Fuzzy Hash: 5AA14DB1210A4581FB63DB17E890BEA33A1F78CBC0F95512AEB8D536B5DB38C945C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140045DF0 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 307
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,?,?,?,00000001,00000000,00000000,00000001400051BC), ref: 0000000140045E2D
GetFullPathNameW.KERNEL32(?,?,?,00000001,00000000,00000000,00000001400051BC), ref: 0000000140046092

Strings

*, xrefs: 0000000140045FF0
*#1, xrefs: 0000000140046175
- %s, xrefs: 000000014004620E
AutoHotkey v2.0.12, xrefs: 0000000140046207

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Name$FileFullModulePath
String ID: - %s$*$*#1$AutoHotkey v2.0.12
API String ID: 1235081036-368449842
Opcode ID: a204423d456522bf93164e03dbb0014e4869b66389150ebb5a93ec5773f5ef86
Instruction ID: 4f52891cb8d1d47bd48faf49c9de3c251a2371810bcd9dd52d5b8a51af36ce25
Opcode Fuzzy Hash: a204423d456522bf93164e03dbb0014e4869b66389150ebb5a93ec5773f5ef86
Instruction Fuzzy Hash: 39C19E32201B8595EE66DF22D0543EA63A0FB4C7C4F4A4135AB4D477E5FBB8C549CB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A3C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 245
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Parameter #1 invalid., xrefs: 000000014005B48B
Parameter #2 invalid., xrefs: 000000014005B502

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: Parameter #1 invalid.$Parameter #2 invalid.
API String ID: 0-2124710225
Opcode ID: 376a78caf84d60c395970f09a97ef638a053951778157a3949332e4e22426cfe
Instruction ID: 2fcb691cda60fa59801dae51d187950b3ba595484a27f103a646e3e8fee40ccd
Opcode Fuzzy Hash: 376a78caf84d60c395970f09a97ef638a053951778157a3949332e4e22426cfe
Instruction Fuzzy Hash: 63C1CA72605A84CAF762CF2AE8447EA37A4F74DBC8F544119FB49476B5DB3AC881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A9B7 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 405
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 000000014005A087

Strings

Jumps cannot exit a FINALLY block., xrefs: 000000014005B5A2

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: Jumps cannot exit a FINALLY block.
API String ID: 536389180-672026804
Opcode ID: c78194a834533b78461066faae96fa62f7908b71ee353a7a5455a137114582bd
Instruction ID: 0d371d3b79bcd3a3dc5b8ab90543bd4cfd297cad639536e9cdadb1041485a0a0
Opcode Fuzzy Hash: c78194a834533b78461066faae96fa62f7908b71ee353a7a5455a137114582bd
Instruction Fuzzy Hash: 00127C72202A8486FB62CF26D4507EA37A5F74EBD8F544516FB4A436B6DB3EC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A88D Relevance: 9.2, APIs: 6, Instructions: 151
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145
GetLastError.KERNEL32 ref: 000000014005A906

Part of subcall function 000000014005CE30: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,000000014005A8EF), ref: 000000014005CEF2
Part of subcall function 000000014005CE30: RegQueryInfoKeyW.ADVAPI32 ref: 000000014005CF3B
Part of subcall function 000000014005CE30: RegCloseKey.ADVAPI32(?,?,?,?,?,000000014005A8EF), ref: 000000014005CF4A

RegCloseKey.ADVAPI32 ref: 000000014005A8FE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$Close$ErrorInfoLastMessageOpenPeekQuery
String ID:
API String ID: 823228794-0
Opcode ID: 1db6cb14c4c0eb567d22453a9e77b7a2e8c01fc3d298bc53af106039d1c6cfbb
Instruction ID: 4104aa9c911e3267110fe66e900a1257710a51b20f66925b2b230a8bd8739496
Opcode Fuzzy Hash: 1db6cb14c4c0eb567d22453a9e77b7a2e8c01fc3d298bc53af106039d1c6cfbb
Instruction Fuzzy Hash: 67717972601B848AEB62CF26E8547EE37A1F74DBD8F444219EB49477B9DB3AC485C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A765 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Strings

CSV, xrefs: 000000014005A765

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek_invalid_parameter_noinfo
String ID: CSV
API String ID: 899558568-2651001053
Opcode ID: 8f6ee383c0af09506e2d0f9d848b38996d4252da03e4b8b7ef9d24c1039a22a1
Instruction ID: 77e45f125517460bf86c6afc63cce341de6c33b579f706e2a944bd809ab21caf
Opcode Fuzzy Hash: 8f6ee383c0af09506e2d0f9d848b38996d4252da03e4b8b7ef9d24c1039a22a1
Instruction Fuzzy Hash: BC518A72601A848AFB62CF27E8547E937A1F74EBC8F548115EB49472F5DB3AC484C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A608 Relevance: 7.7, APIs: 5, Instructions: 185
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF

Part of subcall function 000000014005A010: GetTickCount.KERNEL32 ref: 000000014005A145

GetTickCount.KERNEL32 ref: 000000014005A713

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: 93c1d918ad317443bf8df0c9c7d8e188f27bdf01d6c17c49f8102e82e691c671
Instruction ID: 33e2600d149920e805574af0d6674e57c9af582ca944070c43e09c5cb24a10ff
Opcode Fuzzy Hash: 93c1d918ad317443bf8df0c9c7d8e188f27bdf01d6c17c49f8102e82e691c671
Instruction Fuzzy Hash: FC917971202A84C9FB62CF27E8547EA33A5F74EBD8F584119EB59472F5DB3AC8858700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetTimer.USER32 ref: 0000000140046F33

Strings

Auto-execute, xrefs: 0000000140046FB9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Timer
String ID: Auto-execute
API String ID: 2870079774-593629425
Opcode ID: c0f0a12dcbd178ad7bef7700392ec235998ee81811fcd78ea4a12773cadba7d4
Instruction ID: ec96fa6d2421463229ee5679f2b2dad60918d804fc3d36ccc341886e9d6b38ec
Opcode Fuzzy Hash: c0f0a12dcbd178ad7bef7700392ec235998ee81811fcd78ea4a12773cadba7d4
Instruction Fuzzy Hash: 1871F976915B84C6E706CF2AE9513A83360F79CF84F059219DB8953732EF39D1D58300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A4A1 Relevance: 6.2, APIs: 4, Instructions: 215windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: b8a28d7819c6e5dad951789f027d8f5f1de3b356cb4bba9b3e3d009eaff66893
Instruction ID: cea287ddeeec38fbdf27ef19f598763678142f1cda6d8f1b4df7a1adc33e4a91
Opcode Fuzzy Hash: b8a28d7819c6e5dad951789f027d8f5f1de3b356cb4bba9b3e3d009eaff66893
Instruction Fuzzy Hash: 02A18C72602A8486FB66CF23D554BEE37A1F74EBC8F545115EB49476B9EB3AC880C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A1E5 Relevance: 6.2, APIs: 4, Instructions: 197windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: ca7d7cbddd641fdd44ef46863747d71250011b294a3ff2f5ba0b5e82ddc5d5a6
Instruction ID: 05c5d5791944689f7b82d6c37af088a72164de7a9fc40c12bf6246d2f5090b3b
Opcode Fuzzy Hash: ca7d7cbddd641fdd44ef46863747d71250011b294a3ff2f5ba0b5e82ddc5d5a6
Instruction Fuzzy Hash: DD91AB72606A8486FB62CF27D8547EA27A5F74EBD8F444115FB4A432F6DB3AC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A7D4 Relevance: 6.2, APIs: 4, Instructions: 155windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: f27081436feb00235da3a5e2f6d57000c1bb4d6f0bbfcc57f0c0a3f8aee90964
Instruction ID: 89cdc886076ba1d75af60d1f2722bda59dc2f9fe0f6c8b1fb6955e06371d2e18
Opcode Fuzzy Hash: f27081436feb00235da3a5e2f6d57000c1bb4d6f0bbfcc57f0c0a3f8aee90964
Instruction Fuzzy Hash: 2D71BC72601B848AE762DF26E8447EE37A1F74DBD8F448129EB49476F6DB3AC484C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B34D Relevance: 6.1, APIs: 4, Instructions: 140windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: 701e7b3b280401927e8f146b5fec901fb4fb66b2a7c23f7110feb716d115e464
Instruction ID: b38e67661f4da5c4e1c25a6bcd427caf48553ed82718d1087719ff6e5aed400d
Opcode Fuzzy Hash: 701e7b3b280401927e8f146b5fec901fb4fb66b2a7c23f7110feb716d115e464
Instruction Fuzzy Hash: 6C618A72600A84C6F762DB26A8487EA37A1F74EBD8F484115EB59472F6CB3AD885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B3D7 Relevance: 6.1, APIs: 4, Instructions: 134windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: 101944649037532cff4ceef2b7d28f380bc817f90ef5cc58cdf9c6264ee92a78
Instruction ID: 9e27009333dccea02e73c56fec57911c6250ae5aedc69a497e1fd0a0c658a74e
Opcode Fuzzy Hash: 101944649037532cff4ceef2b7d28f380bc817f90ef5cc58cdf9c6264ee92a78
Instruction Fuzzy Hash: 3A51B072601A84C6FBA2CF2AE8447E937A5F74DBD8F544215EB59472F1DB3AC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A010 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: 27c0e841c87dd67aedfc00afb4026fa3a3f1076ed7cdc8acf5abef5c362ac76d
Instruction ID: 438df62315db4ed99b0bd879fad8fb29dcaaaeeab9f01469f8c50d10f724a5d2
Opcode Fuzzy Hash: 27c0e841c87dd67aedfc00afb4026fa3a3f1076ed7cdc8acf5abef5c362ac76d
Instruction Fuzzy Hash: B551E172601A84CAF762CF26E8447EA37A1F74DB98F548215EB59432F5DB3EC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A7A4 Relevance: 6.1, APIs: 4, Instructions: 124windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005DCF0: GetCPInfo.KERNEL32 ref: 000000014005DD6C
Part of subcall function 000000014005DCF0: GetLastError.KERNEL32 ref: 000000014005DDC0
Part of subcall function 000000014005DCF0: WriteFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014005A7CC), ref: 000000014005E4CB
Part of subcall function 000000014005DCF0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014005A7CC), ref: 000000014005E4F6

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$CloseErrorFileHandleInfoLastMessagePeekWrite
String ID:
API String ID: 3918787817-0
Opcode ID: ae1c02854b2eed30d8de55c230565e1e3098524140e3c9704299990655672280
Instruction ID: 68c450f79c0b0d4e2acf305779ab9c34387453eb9bb25e28cf16908fa37fb13a
Opcode Fuzzy Hash: ae1c02854b2eed30d8de55c230565e1e3098524140e3c9704299990655672280
Instruction Fuzzy Hash: 66519C72601B84CAF762CF26E8447E937A1F74DBC8F544119EB49472B5DB3AC484C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A746 Relevance: 6.1, APIs: 4, Instructions: 121windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: f9bbfbd3d0dfd58b6f0c40e7ddabee6743906e268dcd8ff465bac07e4c6a7338
Instruction ID: bb4b00c16a850494f34076c5bdf2c9cbebf0e1d266ef25a1e1f8b62f4922d03b
Opcode Fuzzy Hash: f9bbfbd3d0dfd58b6f0c40e7ddabee6743906e268dcd8ff465bac07e4c6a7338
Instruction Fuzzy Hash: 25519A72601A84CAFB62CF26E8447E937A1F74EBC8F548119EB59472F5DB3AC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B2E8 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: ed110d608cae22be87ae80aaf9a9fd23f5108ba85e6880a03b78dde776243354
Instruction ID: ec7eac28983779933543574940b67126e0e60a64a2f5cdc49470eacb6d6e4039
Opcode Fuzzy Hash: ed110d608cae22be87ae80aaf9a9fd23f5108ba85e6880a03b78dde776243354
Instruction Fuzzy Hash: FB518B72601A84CAFB62DF2698487EA37A1F74EBC8F544119EB09472F5DB3EC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A37A Relevance: 6.1, APIs: 4, Instructions: 113windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: 06cb773facb954db88a19da592f633fd18e872253058def5fd3782ad05fe57d2
Instruction ID: 941738e0055236f6d5b47f32b2bcfd631a6ad54dbd402d2b4a811278d6cb2207
Opcode Fuzzy Hash: 06cb773facb954db88a19da592f633fd18e872253058def5fd3782ad05fe57d2
Instruction Fuzzy Hash: AA518A72601A84CAFB62CF26D8447EA37A1F74EBC8F548119EB19472F5DB3AC885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400764F0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 287timeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140076932
SetTimer.USER32 ref: 0000000140076970

Strings

Out of memory., xrefs: 00000001400765E1

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTickTimer
String ID: Out of memory.
API String ID: 3511537334-4087320997
Opcode ID: e86f3febd6f7aa6ad50afb119e2a6d95bdefe8b0b5e174018a34303c3c6a4361
Instruction ID: 3dde8d9698fe01c46c6c01ad8ec5a7a0fb188b7571f57588f77488c52755c0ef
Opcode Fuzzy Hash: e86f3febd6f7aa6ad50afb119e2a6d95bdefe8b0b5e174018a34303c3c6a4361
Instruction Fuzzy Hash: B3D1BF72608B8485EB67AB66E8507EA77A5F78CBC4F58011AEB8A037B5DF3CC455C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006100C Relevance: 4.5, APIs: 3, Instructions: 35COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 0000000140061024
MoveWindow.USER32 ref: 0000000140061055
DefWindowProcW.USER32 ref: 0000000140061914

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$MoveProcShow
String ID:
API String ID: 3725351834-0
Opcode ID: dc866f74383fb8820a29d1cbf2682560067a18ef2306e1bfc556eead18677c75
Instruction ID: 0b611768745a4099534d712a02f5409cb0b07aca89ad3c9e734742cc4a678c7a
Opcode Fuzzy Hash: dc866f74383fb8820a29d1cbf2682560067a18ef2306e1bfc556eead18677c75
Instruction Fuzzy Hash: CE01A47221459085E7629B13AC513E96292FB8CBE5F148816EE8E83B74CF78C0869720

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400612EB Relevance: 4.5, APIs: 3, Instructions: 34timeCOMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 000000014006114C
GetCurrentProcessId.KERNEL32 ref: 00000001400612EB
EnumWindows.USER32 ref: 0000000140061303

Part of subcall function 00000001400A1B30: GetWindowThreadProcessId.USER32 ref: 00000001400A1B48
Part of subcall function 00000001400A1B30: GetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1B69
Part of subcall function 00000001400A1B30: IsIconic.USER32 ref: 00000001400A1B75
Part of subcall function 00000001400A1B30: ShowWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1B87

SetTimer.USER32 ref: 0000000140061345

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ProcessShow$CurrentEnumForegroundIconicThreadTimerWindows
String ID:
API String ID: 862268643-0
Opcode ID: ceb5ba47a822f3d4eda79089171ce7273da0ff323020f9e3d620d1710c5a1474
Instruction ID: 9c472f77364e141725e8c3fdb0b8ee2f6e603dd9fbbc7cdd6f0b157d8d1024ce
Opcode Fuzzy Hash: ceb5ba47a822f3d4eda79089171ce7273da0ff323020f9e3d620d1710c5a1474
Instruction Fuzzy Hash: FD012836600A8594EB228F66FC503D963A2BB8CBD4F284426DF0D87774DF38C4868710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400634B0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?,?,?,000000014003D5DA), ref: 00000001400634EB

Strings

:, xrefs: 00000001400634DB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: c21feff3373a2bdcd24616ab868a5c1856d5d43183ef52ea47b6e48051914c54
Instruction ID: 499f02814f42ff9356671dff2bcd092a9539322170032e95a6aa3c3f60800075
Opcode Fuzzy Hash: c21feff3373a2bdcd24616ab868a5c1856d5d43183ef52ea47b6e48051914c54
Instruction Fuzzy Hash: 01F02462A2064081EF678B53A8443F662B0EB1CB88F58A406F70A472E0FB3DC4C7C790

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140099700 Relevance: 3.1, APIs: 2, Instructions: 144COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,000000014000F5ED,?,?,?,?,?,?,?,?,?,?,?,001207A1), ref: 0000000140099755
GetCPInfo.KERNEL32(?,?,?,000000014000F5ED,?,?,?,?,?,?,?,?,?,?,?,001207A1), ref: 000000014009985C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 5ce00c56c794aa4379e89e62a0b0a1b43b952de851a58576c06746913a481660
Instruction ID: 88657818d1bf5915f48b7f3a7c941ffc201772b56076c5c1f7ec4c08b04191b6
Opcode Fuzzy Hash: 5ce00c56c794aa4379e89e62a0b0a1b43b952de851a58576c06746913a481660
Instruction Fuzzy Hash: F6516432615B4086EB65CF2BE04439E77A5E78AFD8F48811AEB49077E8DF38C845CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140045840 Relevance: 3.1, APIs: 2, Instructions: 90comCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,?,?,0000000140001189), ref: 0000000140045A60
OleInitializeWOW.OLE32 ref: 0000000140045A68

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Initialize$CriticalSection
String ID:
API String ID: 49594357-0
Opcode ID: 3882862bd4973286bc26a2fc48a4ffdcafcfc4d842ab72e8a7f056242dace125
Instruction ID: 118a13e5a465747b4d8a83e116a6f8d5c4995d0a7f1a88b542014b8385c10bae
Opcode Fuzzy Hash: 3882862bd4973286bc26a2fc48a4ffdcafcfc4d842ab72e8a7f056242dace125
Instruction Fuzzy Hash: E35170B1411F8985F3038F97BC91BE237A9BB5DB10F98126DD698A3231DB78C1A4C350

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140061281 Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 00000001400612DE
DefWindowProcW.USER32 ref: 0000000140061914

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessagePostProcWindow
String ID:
API String ID: 1517762806-0
Opcode ID: 7ae07f0ae93fab94fd9c50de429fb3bb20a423747e4f8f2bac26705ffea3adba
Instruction ID: 3a99f0241fd8384ad7c87fb58b99034d81173d6656c3c69541b5bd5727beeff6
Opcode Fuzzy Hash: 7ae07f0ae93fab94fd9c50de429fb3bb20a423747e4f8f2bac26705ffea3adba
Instruction Fuzzy Hash: C8018F3131068581EB724B27AD257EA1392EB8DBD9F284816DF4D977B4DA38C5868320

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140061352 Relevance: 3.0, APIs: 2, Instructions: 41windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 000000014006114C
GetTickCount.KERNEL32 ref: 0000000140061381
PostMessageW.USER32 ref: 00000001400613C8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountMessagePostShowTickWindow
String ID:
API String ID: 60979374-0
Opcode ID: 6f70ec5c2020247b00df806bffc32d8cdc9c5f2f85592df4dd21a90b49593508
Instruction ID: 24b68d9e03313d0f7eb096cf95f580c148c25ca2cf5e2c9c88984f5c0bbeb10a
Opcode Fuzzy Hash: 6f70ec5c2020247b00df806bffc32d8cdc9c5f2f85592df4dd21a90b49593508
Instruction Fuzzy Hash: 4E115E76508290C6EB62CB36A9413D936E6F39DBD8F2C4719D74947AB0C734C5E9CB01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140061062 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32 ref: 0000000140061076
DefWindowProcW.USER32 ref: 0000000140061914

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FocusProcWindow
String ID:
API String ID: 1691694861-0
Opcode ID: c46562a1a78c51f0a429cb68be8c9c878e45932503c807510968efaed4679516
Instruction ID: 392ee55105f45c8c4303a107cd48593f7fa875780ef8cbd167811236505c5e79
Opcode Fuzzy Hash: c46562a1a78c51f0a429cb68be8c9c878e45932503c807510968efaed4679516
Instruction Fuzzy Hash: 30E01A72214A81C1E7629B13FC613EA6396BB8CBE5F148813DF5E93774CE38C5869320

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046740 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32 ref: 0000000140046802

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 29357af47a31f28dcff6a69dbb1a7c6dfea0cb714986cc88172a97117951cce4
Instruction ID: ed608264fd30a2328826fddc125a9f9f83bc5915360b57eb901f2245a37153d3
Opcode Fuzzy Hash: 29357af47a31f28dcff6a69dbb1a7c6dfea0cb714986cc88172a97117951cce4
Instruction Fuzzy Hash: B1214AB270578097EB4DCF22E644799B7A4F748B80F008039AB6D83365EF78E1718B44

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400998F0 Relevance: 1.5, APIs: 1, Instructions: 290COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 0000000140099ADF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: f15316203d7fff719e9890e0faae883163b4a1be7110ba5f4352658aa38894ad
Instruction ID: 72a51dc298b90f08429b3901ae25242d1a37174b05b80c83f5ef725e34f26bfc
Opcode Fuzzy Hash: f15316203d7fff719e9890e0faae883163b4a1be7110ba5f4352658aa38894ad
Instruction Fuzzy Hash: BDB1C3B262429486EB668B1FE8447AD73E5F79C7D4F518125FF8683BE4D738C9428700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D0DC8 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,?,00000001400D0E45,?,?,00000000,00000001400D42C7,?,?,?,00000001400CF837,?,?,?,00000001400CF72D), ref: 00000001400D0E06

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5eb8b6854a16ec681e6b4b13eb802a7a8bbb59f4a70b7021c4ac7a7062f00a9b
Instruction ID: d8b428926375ff64d51e6fd59a63fcb0dd1e2713932fcfa9895de4cd678d1f45
Opcode Fuzzy Hash: 5eb8b6854a16ec681e6b4b13eb802a7a8bbb59f4a70b7021c4ac7a7062f00a9b
Instruction Fuzzy Hash: 62F01C7071574885FA6A6BB3A8513ED22915F8CBE0F084A257F2A872F6DA78C4924631

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004785C Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

PostQuitMessage.USER32(?,?,00000005,0000000140047721), ref: 0000000140047896

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessagePostQuit
String ID:
API String ID: 1657236379-0
Opcode ID: 05cb24e83f89ff1d74f0f72d238eed04944c60908c23643176f7fabd67db726a
Instruction ID: 506968dab7faac325b5610cf79f8ae105ad4c3076edb9e0ce753ffdf445f53bd
Opcode Fuzzy Hash: 05cb24e83f89ff1d74f0f72d238eed04944c60908c23643176f7fabd67db726a
Instruction Fuzzy Hash: A7E04631314640A2F607FB26E9217EC2621AB8CB84F400408E70E076F3CF38C009D746

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140060FDA Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 0000000140061914

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: ca34d17a8f07a28549ca0089e46fa9cf8117f354b948dc3a65cc2efd0636a92a
Instruction ID: 4a10ec8146a64a9e3a5765d828e3d30e31bb2803ec65dbef55c0ce31ee9d7492
Opcode Fuzzy Hash: ca34d17a8f07a28549ca0089e46fa9cf8117f354b948dc3a65cc2efd0636a92a
Instruction Fuzzy Hash: E4F0A03221468081F663DB23AC113E62296A78CBE4F284916AF5E932F5DA38C5868324

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009A310 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,0000000140007DAC), ref: 000000014009A332

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: b49efc44b1fdb0dc500837521876b45b7b307e7279a77c85fe3da1e9e927beef
Instruction ID: 526f9ce91fcd3ab7d5b3fe3432cd25783030c4d20f401207a99df67c4623b221
Opcode Fuzzy Hash: b49efc44b1fdb0dc500837521876b45b7b307e7279a77c85fe3da1e9e927beef
Instruction Fuzzy Hash: ECD05B3260054082EB26C76AD45537C2250E74DBF4F5C4300F7754B2F4DB38C5D38250

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D0E28 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400D0DC8: RtlAllocateHeap.NTDLL(?,?,?,00000001400D0E45,?,?,00000000,00000001400D42C7,?,?,?,00000001400CF837,?,?,?,00000001400CF72D), ref: 00000001400D0E06

HeapReAlloc.KERNEL32(?,?,00000000,00000001400D42C7,?,?,?,00000001400CF837,?,?,?,00000001400CF72D,?,?,?,00000001400CFB0E), ref: 00000001400D0E95

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Heap$AllocAllocate
String ID:
API String ID: 2177240990-0
Opcode ID: 4b5f3b9c5d605d6b538b732745da5be29b87f4cb192d50764708732b8532461e
Instruction ID: be21f41fe575d56785039718b48f9df3ad1619fd122be0847214a60da19bf7f9
Opcode Fuzzy Hash: 4b5f3b9c5d605d6b538b732745da5be29b87f4cb192d50764708732b8532461e
Instruction Fuzzy Hash: 85011D7021564184FE5A67A379447ED12514F9CBE4F588E267F2D872F6DE38C4429221

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000000014000FD70 Relevance: 102.0, APIs: 39, Strings: 19, Instructions: 453windowCOMMON

Download Yara Rule

APIs

SetWindowTextW.USER32 ref: 000000014000FDBC
SetWindowLongPtrW.USER32 ref: 000000014000FDCD
GetDlgItem.USER32 ref: 000000014000FDDB
SendMessageW.USER32 ref: 000000014000FE02
MapDialogRect.USER32 ref: 000000014000FE10
SendMessageW.USER32 ref: 000000014000FE3E
SendMessageW.USER32 ref: 000000014000FE73
SendMessageW.USER32 ref: 000000014000FEA1
SendMessageW.USER32 ref: 000000014000FED6
SendMessageW.USER32 ref: 000000014000FF34
SendMessageW.USER32 ref: 000000014000FFB4
SendMessageW.USER32 ref: 0000000140010051
SendMessageW.USER32 ref: 0000000140010086
SendMessageW.USER32 ref: 00000001400100BA
SendMessageW.USER32 ref: 00000001400100F6
SendMessageW.USER32 ref: 0000000140010151
SendMessageW.USER32 ref: 0000000140010177
SendMessageW.USER32 ref: 00000001400101AD
SendMessageW.USER32 ref: 00000001400101C5
SendMessageW.USER32 ref: 0000000140010255
SendMessageW.USER32 ref: 0000000140010269
SendMessageW.USER32 ref: 0000000140010332
SendMessageW.USER32 ref: 000000014001034F
SendMessageW.USER32 ref: 0000000140010367
SendMessageW.USER32 ref: 0000000140010389
SendMessageW.USER32 ref: 00000001400103AF
SendMessageW.USER32 ref: 00000001400103D1
SendMessageW.USER32 ref: 00000001400103E8
SendMessageW.USER32 ref: 00000001400103FC
GetDlgItem.USER32 ref: 000000014001044E
EnableWindow.USER32 ref: 0000000140010459
GetDlgItem.USER32 ref: 000000014001047E
GetClientRect.USER32 ref: 0000000140010495
MapWindowPoints.USER32 ref: 00000001400104A9
GetDlgItem.USER32 ref: 00000001400104B7
MoveWindow.USER32 ref: 00000001400104DE
DefDlgProcW.USER32 ref: 00000001400104F3
SetFocus.USER32 ref: 00000001400104FC
ShowWindow.USER32 ref: 0000000140010507

Strings

Warning, xrefs: 000000014000FEF0
, xrefs: 000000014001039F
Text:%.80s%s, xrefs: 000000014000FF86
---- %s, xrefs: 0000000140010020
%s: %.500s, xrefs: 000000014000FF05
The program is now unstable and will exit., xrefs: 000000014001022D
The program will exit., xrefs: 000000014001021B
Critical Error, xrefs: 000000014000FEE4
Stack, xrefs: 000000014001029F
t, xrefs: 000000014000FE7E
The current thread will exit., xrefs: 0000000140010204
For more details, read the documentation for #Warn., xrefs: 0000000140010236
__Delete will now return., xrefs: 00000001400101F2
Line:%dFile:, xrefs: 0000000140010127
AutoHotkey v2.0.12, xrefs: 000000014000FDB5
Error, xrefs: 000000014000FEF7
The script was not reloaded; the old version will remain in effect., xrefs: 0000000140010214
, xrefs: 0000000140010394
Specifically: %.80s%s, xrefs: 000000014000FF5E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend$Window$Item$Rect$ClientDialogEnableFocusLongMovePointsProcShowText
String ID: ---- %s$ $ $%s: %.500s$AutoHotkey v2.0.12$Critical Error$Error$For more details, read the documentation for #Warn.$Line:%dFile:$Specifically: %.80s%s$Stack$Text:%.80s%s$The current thread will exit.$The program is now unstable and will exit.$The program will exit.$The script was not reloaded; the old version will remain in effect.$Warning$__Delete will now return.$t
API String ID: 2984752805-3670748612
Opcode ID: e4b71d6c96a9ff7051a2357e437069eb2b0be0915ff0f7bc03722b77f306621d
Instruction ID: c5e2e773bda85370fc0e25d66554ea89a040090808c1e1c4d169c16ca571653b
Opcode Fuzzy Hash: e4b71d6c96a9ff7051a2357e437069eb2b0be0915ff0f7bc03722b77f306621d
Instruction Fuzzy Hash: D0225D7620465086EB26DF66E454BEE63A2FB8DBC4F908015EB490BBB4CF7DC546DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000172D Relevance: 88.4, APIs: 46, Strings: 4, Instructions: 888timewindowCOMMON

Download Yara Rule

APIs

SetTimer.USER32 ref: 00000001400017E9
GetMessageW.USER32 ref: 0000000140001981

Strings

', xrefs: 000000014000235E
SysTreeView32, xrefs: 0000000140001A4E
SysListView32, xrefs: 0000000140001A65
#32770, xrefs: 0000000140001A00, 0000000140002535

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageTimer
String ID: #32770$'$SysListView32$SysTreeView32
API String ID: 1200668964-442130027
Opcode ID: f158cc1782aa8f0ac49d7b21f174a745a63abd62b20e44f0898f2dc3c00f45ef
Instruction ID: 9ce53d3f74694387105d242d91ce1e20f306c592397a9befb6e9e257a87e50c7
Opcode Fuzzy Hash: f158cc1782aa8f0ac49d7b21f174a745a63abd62b20e44f0898f2dc3c00f45ef
Instruction Fuzzy Hash: 24929EB22046808AFB66CF27E8547E937A2F78DBD4F144119EB4A47AB5DB38C985D700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400309C0 Relevance: 72.6, APIs: 35, Strings: 6, Instructions: 867windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014009DF20: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,000005DC,80000000,0000000140020C78), ref: 000000014009DF55
Part of subcall function 000000014009DF20: IsIconic.USER32 ref: 000000014009DF66
Part of subcall function 000000014009DF20: GetWindowRect.USER32 ref: 000000014009DF7D

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

GetSystemMetrics.USER32 ref: 0000000140030AA4
GetSystemMetrics.USER32 ref: 0000000140030AB2
GetDC.USER32 ref: 0000000140030D2B
GetLastError.KERNEL32 ref: 0000000140030D3D
DestroyIcon.USER32 ref: 0000000140030D58

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C029A

DeleteObject.GDI32 ref: 0000000140030D6B
GetIconInfo.USER32 ref: 0000000140030DB0
DeleteObject.GDI32 ref: 0000000140030DED
DeleteObject.GDI32 ref: 0000000140030DF7
GetDC.USER32 ref: 0000000140030DFF
CreateCompatibleDC.GDI32 ref: 0000000140030E0B
GetIconInfo.USER32 ref: 0000000140030E26
GetObjectW.GDI32 ref: 0000000140030E41
CreateCompatibleBitmap.GDI32 ref: 0000000140030E59
SelectObject.GDI32 ref: 0000000140030E71
CreateSolidBrush.GDI32 ref: 0000000140030E96
FillRect.USER32 ref: 0000000140030EA9
DeleteObject.GDI32 ref: 0000000140030EB2
DrawIconEx.USER32 ref: 0000000140030EE6
SelectObject.GDI32 ref: 0000000140030EF2
DeleteObject.GDI32 ref: 0000000140030F03
DeleteObject.GDI32 ref: 0000000140030F0D
DeleteDC.GDI32 ref: 0000000140030F16
ReleaseDC.USER32 ref: 0000000140030F21
DestroyIcon.USER32 ref: 0000000140030F2C

Part of subcall function 000000014002FFF0: CreateCompatibleDC.GDI32 ref: 0000000140030027
Part of subcall function 000000014002FFF0: GetDIBits.GDI32 ref: 0000000140030069
Part of subcall function 000000014002FFF0: SelectObject.GDI32 ref: 00000001400300E9
Part of subcall function 000000014002FFF0: GetDIBits.GDI32 ref: 0000000140030115
Part of subcall function 000000014002FFF0: GetSystemPaletteEntries.GDI32 ref: 000000014003014C

CreateCompatibleDC.GDI32 ref: 0000000140030F9B
CreateCompatibleBitmap.GDI32 ref: 0000000140030FBD
SelectObject.GDI32 ref: 0000000140030FD6
BitBlt.GDI32 ref: 000000014003101F
GetLastError.KERNEL32 ref: 00000001400313D6
ReleaseDC.USER32 ref: 00000001400313E4
DeleteObject.GDI32 ref: 00000001400313F9
SelectObject.GDI32 ref: 0000000140031417
DeleteDC.GDI32 ref: 0000000140031420
DeleteObject.GDI32 ref: 0000000140031432

Strings

exe, xrefs: 0000000140030A79
Icon, xrefs: 0000000140030B07
, xrefs: 0000000140030FF4
dll, xrefs: 0000000140030A8C
ico, xrefs: 0000000140030A66
Trans, xrefs: 0000000140030B35

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Object$Delete$Create$CompatibleIconSelect$System$BitmapBitsDestroyErrorInfoLastMetricsRectReleaseWindow_invalid_parameter_noinfo$BrushDrawEntriesFillForegroundIconicPaletteSolid
String ID: $Icon$Trans$dll$exe$ico
API String ID: 2043964378-1617956751
Opcode ID: 788c07d799799d62a64876d5ed4248b3641609c731d991ef39c97d5ccecb601a
Instruction ID: e77bbcefa7cc1a1fcf308a93db9c43432532565d8170f84dfe42a9dc3ea70c4a
Opcode Fuzzy Hash: 788c07d799799d62a64876d5ed4248b3641609c731d991ef39c97d5ccecb601a
Instruction Fuzzy Hash: 9E82DF32615B818AEB278F66D4103EE77A1F78CBC8F108115EF8A57BA8DB78C585C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001DAF0 Relevance: 70.9, APIs: 35, Strings: 5, Instructions: 887threadkeyboardsynchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 000000014001DC1E
CreateMutexW.KERNEL32 ref: 000000014001DC2F
GetLastError.KERNEL32 ref: 000000014001DC38
CloseHandle.KERNEL32 ref: 000000014001DC5B
GetWindowThreadProcessId.USER32 ref: 000000014001DCF5
AttachThreadInput.USER32 ref: 000000014001DD34
GetKeyboardLayout.USER32 ref: 000000014001DE3C

Part of subcall function 00000001400C0410: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C042D

GetTickCount.KERNEL32 ref: 000000014001DD55
GetCurrentThreadId.KERNEL32 ref: 000000014001DD7F
GetForegroundWindow.USER32 ref: 000000014001DDEC
GetWindowThreadProcessId.USER32 ref: 000000014001DDFC
GetGUIThreadInfo.USER32 ref: 000000014001DE11
GetWindowThreadProcessId.USER32 ref: 000000014001DE29
GetAsyncKeyState.USER32 ref: 000000014001DF6A
GetAsyncKeyState.USER32 ref: 000000014001DF7A
GetTickCount.KERNEL32 ref: 000000014001DFBA
BlockInput.USER32 ref: 000000014001E14A
GetTickCount.KERNEL32 ref: 000000014001E193
PeekMessageW.USER32 ref: 000000014001E1C1
GetTickCount.KERNEL32 ref: 000000014001E1E8

Strings

{Blind, xrefs: 000000014001DB4B
^+!#{}, xrefs: 000000014001E206
{Click, xrefs: 000000014001DC77
{Text}, xrefs: 000000014001DBCB
AHK Keybd, xrefs: 000000014001DC24

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Thread$CountTickWindow$Process$AsyncCloseHandleInputState$AttachBlockCreateCurrentErrorForegroundInfoKeyboardLastLayoutMessageMutexPeek_invalid_parameter_noinfo
String ID: AHK Keybd$^+!#{}${Blind${Click${Text}
API String ID: 2993791251-1448771239
Opcode ID: f427a931fa081c38792bf05125be5e21ada062e4900f809bbe3bb2c9f74b32b5
Instruction ID: 33f2c88e7f7d6382ff08455201b7dc6db32467853b375bc8ad74f9cf1a41f026
Opcode Fuzzy Hash: f427a931fa081c38792bf05125be5e21ada062e4900f809bbe3bb2c9f74b32b5
Instruction Fuzzy Hash: 5592F1712042908AF7678B27A8503F93BE1E75DBD9F04811AFB864B6F5CB3AC585E710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005FA90 Relevance: 58.4, APIs: 13, Strings: 20, Instructions: 661processwindowCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,?,?,?,?,00000000,00000000,?,00000001400472A0,?,0000000140010714), ref: 000000014005FB09
CreateProcessWithLogonW.ADVAPI32 ref: 00000001400600B7
CreateProcessW.KERNEL32 ref: 0000000140060100
CloseHandle.KERNEL32 ref: 0000000140060113
GetLastError.KERNEL32 ref: 0000000140060122
GetLastError.KERNEL32 ref: 00000001400600C1

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

ShellExecuteExW.SHELL32 ref: 0000000140060396

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C029A

SetCurrentDirectoryW.KERNEL32 ref: 00000001400602A6
GetFileAttributesW.KERNEL32 ref: 000000014006031E
SetCurrentDirectoryW.KERNEL32 ref: 000000014006037A
CloseHandle.KERNEL32 ref: 00000001400603D3
GetLastError.KERNEL32 ref: 00000001400603F2
FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,?,00000001400472A0,?,0000000140010714), ref: 0000000140060449

Strings

Min, xrefs: 000000014005FE8B, 0000000140060183
Launch Error (possibly related to RunAs):, xrefs: 00000001400604BF
%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>, xrefs: 00000001400604CB
Hide, xrefs: 000000014005FEC2, 00000001400601AF
properties, xrefs: 000000014005FBDB, 000000014005FCFD, 00000001400601DC
open, xrefs: 000000014005FBA2, 000000014005FCC4
\/., xrefs: 00000001400602D3
String too long., xrefs: 000000014005FE0B
Parameter #2 invalid., xrefs: 000000014005FB26
System verbs unsupported with RunAs., xrefs: 000000014005FDAF
Verb: <%s>, xrefs: 0000000140060458
..., xrefs: 00000001400604A0
"%s" %s, xrefs: 000000014005FF41
Failed attempt to launch program or document:, xrefs: 00000001400604E9
explore, xrefs: 000000014005FB8F, 000000014005FCB1
find, xrefs: 000000014005FB7F, 000000014005FC9E
.exe.bat.com.cmd.hta, xrefs: 000000014006030A
Max, xrefs: 000000014005FEA8, 0000000140060196
Edit, xrefs: 000000014005FBB5, 000000014005FCD7
print, xrefs: 000000014005FBC8, 000000014005FCEA

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorLast$AttributesCloseCreateCurrentDirectoryFileHandleProcess_invalid_parameter_noinfo$ExecuteFormatLogonMessageShellWith
String ID: Verb: <%s>$"%s" %s$%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>$...$.exe.bat.com.cmd.hta$Edit$Failed attempt to launch program or document:$Hide$Launch Error (possibly related to RunAs):$Max$Min$Parameter #2 invalid.$String too long.$System verbs unsupported with RunAs.$\/.$explore$find$open$print$properties
API String ID: 3639814043-3158883562
Opcode ID: f44e604d67a41d49b28df88f6d708bd39fc30f0fd3b3157d8a5ae26a07d91e9e
Instruction ID: 8e637024b61dba167994f3bc0c35f639fb809f6e92ca8cacf06f3747464adf17
Opcode Fuzzy Hash: f44e604d67a41d49b28df88f6d708bd39fc30f0fd3b3157d8a5ae26a07d91e9e
Instruction Fuzzy Hash: 48628C72605B8185EB22DF22E8503EA23A5FB4DBD8F544615FB5D17BB9EB38C681D300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140087F30 Relevance: 45.8, APIs: 25, Strings: 1, Instructions: 258windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140087F62
GetWindowLongW.USER32 ref: 0000000140087F79
IsWindowVisible.USER32 ref: 0000000140087FA6
IsIconic.USER32 ref: 0000000140087FB6
GetFocus.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140087FE3
GetDlgCtrlID.USER32 ref: 0000000140087FF4
GetParent.USER32 ref: 000000014008801A
GetWindowRect.USER32 ref: 000000014008803A
GetPropW.USER32 ref: 000000014008804B
ShowWindow.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140088063
GetUpdateRect.USER32 ref: 0000000140088082
SendMessageW.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140088096
GetWindowLongW.USER32 ref: 0000000140088142
ShowWindow.USER32 ref: 000000014008816B
EnableWindow.USER32 ref: 0000000140088180
GetWindowRect.USER32 ref: 0000000140088195
PtInRect.USER32 ref: 00000001400881A5
PtInRect.USER32 ref: 00000001400881B9
SetFocus.USER32 ref: 0000000140088210
SendMessageW.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 000000014008825F
ShowWindow.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140088277
SetFocus.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 0000000140088286
InvalidateRect.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 00000001400882B2
MapWindowPoints.USER32 ref: 00000001400882C9
InvalidateRect.USER32(?,?,?,?,?,?,?,00000000,?,00000000,00000000,?,00000000,0000000140088611), ref: 00000001400882DE

Strings

ahk_dlg, xrefs: 0000000140088044

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Rect$FocusMessageSendShow$InvalidateLong$CtrlEnableIconicParentPointsPropUpdateVisible
String ID: ahk_dlg
API String ID: 2920309579-2093416220
Opcode ID: 15b49a2d775aa2b15ecdb5b42adc9b3b08469073a319d920837f31bcbd08a5d8
Instruction ID: 6b0f15f292fd5b6e2c233084b5252e8842e392e0d1771d7e4a4e64847f093a7f
Opcode Fuzzy Hash: 15b49a2d775aa2b15ecdb5b42adc9b3b08469073a319d920837f31bcbd08a5d8
Instruction Fuzzy Hash: 36B19037204A4182EBB28B23D4547AE37A2FB8CBD4F149111EF4A036B5DF39C996D710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140041C40 Relevance: 44.2, APIs: 21, Strings: 4, Instructions: 464windowtimeinjectionCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32 ref: 0000000140041CFA
SendMessageTimeoutW.USER32 ref: 0000000140041D39
SendMessageTimeoutW.USER32 ref: 0000000140041D72
SendMessageTimeoutW.USER32 ref: 0000000140041E49
GetWindowThreadProcessId.USER32 ref: 0000000140041EC2
OpenProcess.KERNEL32 ref: 0000000140041ED3
VirtualAllocEx.KERNEL32 ref: 0000000140041EFF
CloseHandle.KERNEL32 ref: 0000000140041F14
SendMessageTimeoutW.USER32 ref: 0000000140041F80
IsWow64Process.KERNEL32 ref: 0000000140041FC6
SendMessageTimeoutW.USER32 ref: 0000000140042084
WriteProcessMemory.KERNEL32 ref: 00000001400420DD
SendMessageTimeoutW.USER32 ref: 0000000140042110
SendMessageTimeoutW.USER32 ref: 0000000140042214
VirtualFreeEx.KERNEL32 ref: 0000000140042274
CloseHandle.KERNEL32 ref: 000000014004227F
WriteProcessMemory.KERNEL32 ref: 0000000140042310
SendMessageTimeoutW.USER32 ref: 0000000140042345
ReadProcessMemory.KERNEL32 ref: 0000000140042376
VirtualFreeEx.KERNEL32 ref: 00000001400423D4
CloseHandle.KERNEL32 ref: 00000001400423DF

Strings

Selected, xrefs: 0000000140041D87
Count, xrefs: 0000000140041D78
Focused, xrefs: 0000000140041D99
Col, xrefs: 0000000140041DAB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSendTimeout$Process$CloseHandleMemoryVirtual$FreeWrite$AllocOpenReadThreadWindowWow64
String ID: Col$Count$Focused$Selected
API String ID: 4284125963-81583591
Opcode ID: d174a4fcb968ee5423fa22973b449e344a759fe88950dd7fcdb2adbb8730d1a5
Instruction ID: 734d11a30da0b4c002f8edadc183279dbb4d4a0fd2f17bd27a528bf65f1bcf2e
Opcode Fuzzy Hash: d174a4fcb968ee5423fa22973b449e344a759fe88950dd7fcdb2adbb8730d1a5
Instruction Fuzzy Hash: 50228C72304B8086EB618B56E4407EEB7A1FB887E4F554225FFA947BE8DB78C445CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035200 Relevance: 39.3, APIs: 8, Strings: 14, Instructions: 833timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0000000140035551
GetTimeFormatW.KERNEL32 ref: 0000000140035B5C
GetDateFormatW.KERNEL32 ref: 0000000140035D21

Strings

ShortDate, xrefs: 0000000140035A02
YDay0, xrefs: 00000001400359A8
Sys, xrefs: 00000001400357B1
YearMonth, xrefs: 0000000140035A52
%03d, xrefs: 0000000140035E55
Time, xrefs: 0000000140035A7A
%.17g, xrefs: 000000014003530C, 0000000140035475
LongDate, xrefs: 0000000140035A2A
YDay, xrefs: 0000000140035991
WDay, xrefs: 00000001400359BF
dMyg, xrefs: 0000000140035C2A
YWeek, xrefs: 000000014003589B
String, xrefs: 0000000140035296, 00000001400353EA
hHmst, xrefs: 0000000140035C52

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FormatTime$DateLocal
String ID: %.17g$%03d$LongDate$ShortDate$String$Sys$Time$WDay$YDay$YDay0$YWeek$YearMonth$dMyg$hHmst
API String ID: 367962810-2414579754
Opcode ID: 96097ed3250f480d7fd2e80caa135ac679bc27a1f56186db5c29d2c5a2ba9d9b
Instruction ID: d60b58efcd655f0e25fd9dcfd3f95dd2fb258c0b87b2891a4c877ab484c8f3c4
Opcode Fuzzy Hash: 96097ed3250f480d7fd2e80caa135ac679bc27a1f56186db5c29d2c5a2ba9d9b
Instruction Fuzzy Hash: 3D82C07261878185EB27AF27D4103EB67A1FB8DBC9F845112EF8A47AB5EB38C545C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400070F0 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 188clipboardmemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32 ref: 0000000140007166
GlobalLock.KERNEL32 ref: 00000001400071BD
GlobalFree.KERNEL32 ref: 00000001400071DA
EmptyClipboard.USER32 ref: 000000014000731D
GlobalUnlock.KERNEL32 ref: 000000014000733F
CloseClipboard.USER32 ref: 000000014000734C
GlobalUnlock.KERNEL32 ref: 000000014000738E
GlobalFree.KERNEL32 ref: 00000001400073AD
GlobalUnlock.KERNEL32 ref: 00000001400073D2
CloseClipboard.USER32 ref: 00000001400073DF
SetClipboardData.USER32 ref: 0000000140007408
GlobalUnlock.KERNEL32 ref: 0000000140007434
CloseClipboard.USER32 ref: 0000000140007441

Strings

Out of memory. The current thread will exit., xrefs: 00000001400072B8
Can't open clipboard for writing., xrefs: 000000014000730C
SetClipboardData, xrefs: 0000000140007454
Out of memory., xrefs: 000000014000717F
EmptyClipboard, xrefs: 000000014000735F
An internal function call failed., xrefs: 0000000140007218, 0000000140007253

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Global$Clipboard$Unlock$Close$Free$AllocDataEmptyLock
String ID: An internal function call failed.$Can't open clipboard for writing.$EmptyClipboard$Out of memory.$Out of memory. The current thread will exit.$SetClipboardData
API String ID: 870983584-3860257172
Opcode ID: 63ec302d2dcc4e07dafa7ffbe875a7ec8decf3c84bb9ba25e6df6b3287bd95ea
Instruction ID: ff896cda36521d4ffc1f2a28ace57411d0de1a9b79acbae4c44f8ebf8a808d26
Opcode Fuzzy Hash: 63ec302d2dcc4e07dafa7ffbe875a7ec8decf3c84bb9ba25e6df6b3287bd95ea
Instruction Fuzzy Hash: 8FA114B1611A4081FA27DB17F950BEA73A2BB8CBD0F05426AEB59176B0DFBCC841D711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400252B0 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 149libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000001400252EA
GetModuleHandleW.KERNEL32 ref: 00000001400252FE
GetModuleHandleW.KERNEL32 ref: 0000000140025312
GetModuleHandleW.KERNEL32 ref: 0000000140025326
WideCharToMultiByte.KERNEL32 ref: 00000001400253AD
GetProcAddress.KERNEL32 ref: 00000001400253CD
GetProcAddress.KERNEL32 ref: 0000000140025421
WideCharToMultiByte.KERNEL32 ref: 0000000140025457
GetModuleHandleW.KERNEL32 ref: 0000000140025465
LoadLibraryW.KERNEL32 ref: 0000000140025480
GetProcAddress.KERNEL32 ref: 00000001400254B1
GetProcAddress.KERNEL32 ref: 00000001400254EC

Strings

user32, xrefs: 00000001400252DD
comctl32, xrefs: 0000000140025304
kernel32, xrefs: 00000001400252F0
Failed to load DLL., xrefs: 0000000140025499
gdi32, xrefs: 0000000140025318
Call to nonexistent function., xrefs: 0000000140025502

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: HandleModule$AddressProc$ByteCharMultiWide$LibraryLoad
String ID: Call to nonexistent function.$Failed to load DLL.$comctl32$gdi32$kernel32$user32
API String ID: 2554685833-2055167431
Opcode ID: 1c853968632f3c1745b7333d189281879c3be8abebc191bfb2c203d28efc3c37
Instruction ID: fc907daecbf82522ccbdd24f04bd947d1e043591de6429c154a07a64520e4e07
Opcode Fuzzy Hash: 1c853968632f3c1745b7333d189281879c3be8abebc191bfb2c203d28efc3c37
Instruction Fuzzy Hash: 8D617F75205B8085EA22DF12E8543EA63A1FB9DBC5F948019EF8D43BB4EB3CC846C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003DD10 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

GetCursorInfo.USER32 ref: 000000014003DD2A
LoadCursorW.USER32 ref: 000000014003DD69
LoadCursorW.USER32 ref: 000000014003DD7D
LoadCursorW.USER32 ref: 000000014003DD91
LoadCursorW.USER32 ref: 000000014003DDA5
LoadCursorW.USER32 ref: 000000014003DDB9
LoadCursorW.USER32 ref: 000000014003DDCD
LoadCursorW.USER32 ref: 000000014003DDE1
LoadCursorW.USER32 ref: 000000014003DDF5
LoadCursorW.USER32 ref: 000000014003DE09
LoadCursorW.USER32 ref: 000000014003DE1D
LoadCursorW.USER32 ref: 000000014003DE31
LoadCursorW.USER32 ref: 000000014003DE45
LoadCursorW.USER32 ref: 000000014003DE59
LoadCursorW.USER32 ref: 000000014003DE6D
LoadCursorW.USER32 ref: 000000014003DE81

Strings

Unknown, xrefs: 000000014003DD3F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Cursor$Load$Info
String ID: Unknown
API String ID: 2577412497-1654365787
Opcode ID: 1a24f7e5dbec5a0ccffff61eba69a64616ce38ee737c9d0f6de7d77f58208063
Instruction ID: f92dc1eb81ddf41376ac4e892ba927984eaa382153d77e127365fa185dbf900b
Opcode Fuzzy Hash: 1a24f7e5dbec5a0ccffff61eba69a64616ce38ee737c9d0f6de7d77f58208063
Instruction Fuzzy Hash: F5414771615B0182FB569B26F9543AE33A6FB4CB80F11803DEA4E937B4EF7CC4669200

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A1B30 Relevance: 28.7, APIs: 19, Instructions: 209threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32 ref: 00000001400A1B48
GetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1B69
IsIconic.USER32 ref: 00000001400A1B75
ShowWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1B87
SetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1BAB
GetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1BD2
GetWindow.USER32 ref: 00000001400A1BFA
GetWindowThreadProcessId.USER32 ref: 00000001400A1C32
AttachThreadInput.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1C62
AttachThreadInput.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1C84
SetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1CDC
GetForegroundWindow.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1D03
GetWindow.USER32 ref: 00000001400A1D22
SetForegroundWindow.USER32 ref: 00000001400A1D80
GetForegroundWindow.USER32 ref: 00000001400A1DA7
GetWindow.USER32 ref: 00000001400A1DC2
AttachThreadInput.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1DEF
AttachThreadInput.USER32(?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A1E08
BringWindowToTop.USER32 ref: 00000001400A1E1B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Foreground$Thread$AttachInput$Process$BringIconicShow
String ID:
API String ID: 1113931720-0
Opcode ID: ceaf1cdb885d2cca2777cac268fb9c8570852c2afdc0f730b8f3851649dd4e14
Instruction ID: 8446bd2a82e57b31e22cef29e4a505da68c482be2ea5d55c84675f3c8bc0714b
Opcode Fuzzy Hash: ceaf1cdb885d2cca2777cac268fb9c8570852c2afdc0f730b8f3851649dd4e14
Instruction Fuzzy Hash: 8A81BD7124124086FB639F27F9147EA6792AB9DBE4F184124EF46076B0EB3DC4C5DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140027940 Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 474fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140027B14
GetFileSize.KERNEL32 ref: 0000000140027B34
GetLastError.KERNEL32 ref: 0000000140027B42
GetLastError.KERNEL32 ref: 0000000140027B57
CloseHandle.KERNEL32 ref: 0000000140027B6A

Strings

Invalid option., xrefs: 0000000140027ADB
Raw, xrefs: 0000000140027A9D
, xrefs: 0000000140027A14

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleSize
String ID: $Invalid option.$Raw
API String ID: 3555958901-363237880
Opcode ID: 7d8aa38b624f4f1238fba0f91475b0a4e6231b94694d88a287a1772b01d77ccd
Instruction ID: 11fe17b2903f0102020f06be470a95e138520a59ce9213c74ebcaea935d57c71
Opcode Fuzzy Hash: 7d8aa38b624f4f1238fba0f91475b0a4e6231b94694d88a287a1772b01d77ccd
Instruction Fuzzy Hash: 6E12BE32205B9082EB66DB26E5447EA63A5F74CBE4F448229EF5D477F4DB38C846C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A05B0 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 228clipboardmemoryCOMMON

Download Yara Rule

APIs

EmptyClipboard.USER32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A06DB
GlobalAlloc.KERNEL32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A0729
GlobalLock.KERNEL32 ref: 00000001400A0742
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A0762
SetClipboardData.USER32 ref: 00000001400A0771
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A079C
CloseClipboard.USER32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A07A9
GlobalFree.KERNEL32 ref: 00000001400A07E5
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A0803
CloseClipboard.USER32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A0810
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A092A
CloseClipboard.USER32(?,?,?,?,?,?,?,000000014003AD0B), ref: 00000001400A0937

Strings

Out of memory. The current thread will exit., xrefs: 00000001400A06A7, 00000001400A08FA
Can't open clipboard for writing., xrefs: 00000001400A05F8, 00000001400A063F
Out of memory., xrefs: 00000001400A0951
An internal function call failed., xrefs: 00000001400A0857, 00000001400A0894

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Global$Clipboard$Unlock$Close$AllocDataEmptyFreeLock
String ID: An internal function call failed.$Can't open clipboard for writing.$Out of memory.$Out of memory. The current thread will exit.
API String ID: 3628945100-33532317
Opcode ID: 1ec1714f787a8418e8f8003842db356fff7f9f423bab0ea38b4ee5d5f2667ad8
Instruction ID: 76b4e6dcde0c2f74af566f322619daeae61400d5e0c4dc68cb48a1ce9a9cd4e4
Opcode Fuzzy Hash: 1ec1714f787a8418e8f8003842db356fff7f9f423bab0ea38b4ee5d5f2667ad8
Instruction Fuzzy Hash: 96B13975601B4882FA229B17F8107EA73A1FB9CBD4F444229AF4917BB5DF78C895DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010530 Relevance: 25.7, APIs: 17, Instructions: 218windowCOMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 0000000140010590

Part of subcall function 0000000140047130: GetClassNameW.USER32 ref: 0000000140047213

EndDialog.USER32 ref: 00000001400105E5
SendMessageW.USER32 ref: 0000000140010656
SendMessageW.USER32 ref: 00000001400106A7
PostMessageW.USER32 ref: 00000001400106BA
GetWindowLongPtrW.USER32 ref: 00000001400106F6
GetWindowRect.USER32 ref: 0000000140010725
SendMessageW.USER32 ref: 000000014001073A
GetSystemMetrics.USER32 ref: 0000000140010745
SendMessageW.USER32 ref: 0000000140010788
GetWindowLongW.USER32 ref: 00000001400107A1
SendMessageW.USER32 ref: 00000001400107BE
GetSystemMetrics.USER32 ref: 00000001400107C9
ScrollWindow.USER32 ref: 00000001400107E3
MoveWindow.USER32 ref: 000000014001080D
GetWindowRect.USER32 ref: 000000014001081A
MoveWindow.USER32 ref: 0000000140010853

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Message$Send$Long$MetricsMoveRectSystem$ClassDialogNamePostScroll
String ID:
API String ID: 3989474902-0
Opcode ID: 94171216bc189609904d06edf9e432b7d968d524b655154d06eef318c8b4dba1
Instruction ID: d3cade3c17f5b0978618f472b05ac9d1ae1b5ca701c232821b4cb2010d53eec3
Opcode Fuzzy Hash: 94171216bc189609904d06edf9e432b7d968d524b655154d06eef318c8b4dba1
Instruction Fuzzy Hash: 6091A0322146508BEB21CF36D8147ED33A2FB4DBD8F548515FB864BBA8CB79D9468740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140030250 Relevance: 25.0, APIs: 12, Strings: 2, Instructions: 458windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014009DF20: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,000005DC,80000000,0000000140020C78), ref: 000000014009DF55
Part of subcall function 000000014009DF20: IsIconic.USER32 ref: 000000014009DF66
Part of subcall function 000000014009DF20: GetWindowRect.USER32 ref: 000000014009DF7D

GetDC.USER32 ref: 000000014003039D
CreateCompatibleDC.GDI32 ref: 00000001400303E4
CreateCompatibleBitmap.GDI32 ref: 0000000140030406
SelectObject.GDI32 ref: 0000000140030425
BitBlt.GDI32 ref: 0000000140030476

Part of subcall function 000000014002FFF0: CreateCompatibleDC.GDI32 ref: 0000000140030027
Part of subcall function 000000014002FFF0: GetDIBits.GDI32 ref: 0000000140030069
Part of subcall function 000000014002FFF0: SelectObject.GDI32 ref: 00000001400300E9
Part of subcall function 000000014002FFF0: GetDIBits.GDI32 ref: 0000000140030115
Part of subcall function 000000014002FFF0: GetSystemPaletteEntries.GDI32 ref: 000000014003014C

GetLastError.KERNEL32 ref: 0000000140030817
ReleaseDC.USER32 ref: 0000000140030826
GetLastError.KERNEL32 ref: 000000014003084B
ReleaseDC.USER32 ref: 000000014003085A
SelectObject.GDI32 ref: 0000000140030892
DeleteDC.GDI32 ref: 00000001400308A0
DeleteObject.GDI32 ref: 00000001400308B3

Strings

0x%06X, xrefs: 00000001400305BA
, xrefs: 000000014003044C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Object$CompatibleCreateSelect$BitsDeleteErrorLastReleaseWindow$BitmapEntriesForegroundIconicPaletteRectSystem
String ID: $0x%06X
API String ID: 971289671-894828092
Opcode ID: 0efb5e6110e6aaa5385eab0b04ed213010bf5a5009a992293838c84c32dd925d
Instruction ID: 0919d36f6abeef3c9b217660eabdf443cdc0c3a145fca1a5b737e3768672352b
Opcode Fuzzy Hash: 0efb5e6110e6aaa5385eab0b04ed213010bf5a5009a992293838c84c32dd925d
Instruction Fuzzy Hash: 2B12C03261A6D48AE7678B2AA4507EBB7E1F788790F104215BBC943BA5DF38D845CF40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008BB10 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 193windowthreadCOMMON

Download Yara Rule

APIs

CheckMenuItem.USER32 ref: 000000014008BC63
CheckMenuItem.USER32 ref: 000000014008BC86
GetCursorPos.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BCA3
GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BCF3
GetWindowThreadProcessId.USER32 ref: 000000014008BD06
SetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BD23
SetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BD4F
PostMessageW.USER32 ref: 000000014008BD7D
TrackPopupMenuEx.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BDCB
PostMessageW.USER32 ref: 000000014008BDEF
GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BE01
SetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,00000001400612B1), ref: 000000014008BE13

Strings

Out of memory. The current thread will exit., xrefs: 000000014008BC12
Invalid menu type., xrefs: 000000014008BB64, 000000014008BBAA

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Foreground$Menu$CheckItemMessagePost$CursorPopupProcessThreadTrack
String ID: Invalid menu type.$Out of memory. The current thread will exit.
API String ID: 2225002760-1068455092
Opcode ID: 743c597454b3be43c3f2aed2df8bca673236ea7c6cebc33129033e8a1baef6a6
Instruction ID: d8a0731b5f30e44b2710db1b0f44e8bc2cdfa18bc41ad10060a3e0d5f53f7497
Opcode Fuzzy Hash: 743c597454b3be43c3f2aed2df8bca673236ea7c6cebc33129033e8a1baef6a6
Instruction Fuzzy Hash: 36918972204A8096F7229F57E8903EA77A1FB8CBD4F444029EB4A07BB5DF78D945DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140028F30 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 170filewindowCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32 ref: 0000000140028F6C
GetTickCount.KERNEL32 ref: 0000000140028F80
PeekMessageW.USER32 ref: 0000000140028FAD
GetTickCount.KERNEL32 ref: 0000000140028FC4
FindNextFileW.KERNEL32 ref: 0000000140029093
FindClose.KERNEL32 ref: 00000001400290A4
FindFirstFileW.KERNEL32 ref: 00000001400290D8
GetTickCount.KERNEL32 ref: 00000001400290F0
PeekMessageW.USER32 ref: 000000014002911D
GetTickCount.KERNEL32 ref: 0000000140029134
FindNextFileW.KERNEL32 ref: 00000001400291D9
FindClose.KERNEL32 ref: 00000001400291EA

Strings

., xrefs: 000000014002914B
%s\%s, xrefs: 00000001400291AE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Find$CountFileTick$CloseFirstMessageNextPeek
String ID: %s\%s$.
API String ID: 651082337-2631528844
Opcode ID: a7ad65b75887f6bb0a78720b9c4c0a6822cb1cbc9a1c3474690cd60f6fe9e800
Instruction ID: d4a450a648438bd3baab2923be5af58423fbdf0c8874e99ef2ae44be0ab66089
Opcode Fuzzy Hash: a7ad65b75887f6bb0a78720b9c4c0a6822cb1cbc9a1c3474690cd60f6fe9e800
Instruction Fuzzy Hash: 1D81913520068496EA66DF23F4487EA73A1F78CBE4F448219EBA5436F4DB78C896C710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034F74 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 94windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32 ref: 0000000140034FB0
mciSendStringW.WINMM ref: 0000000140034FD5
mciSendStringW.WINMM ref: 0000000140034FF3
mciSendStringW.WINMM ref: 000000014003501F
mciSendStringW.WINMM ref: 0000000140035043
mciSendStringW.WINMM ref: 00000001400350B6
mciSendStringW.WINMM ref: 00000001400350D7

Strings

close AHK_PlayMe, xrefs: 0000000140034FE7, 00000001400350CB
play AHK_PlayMe, xrefs: 000000014003503A
status AHK_PlayMe mode, xrefs: 0000000140034FCE, 00000001400350AF
Wait, xrefs: 0000000140035066
open "%s" alias AHK_PlayMe, xrefs: 0000000140034FFC
stopped, xrefs: 000000014003507F
1, xrefs: 000000014003505A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: SendString$BeepMessage
String ID: 1$Wait$close AHK_PlayMe$open "%s" alias AHK_PlayMe$play AHK_PlayMe$status AHK_PlayMe mode$stopped
API String ID: 1706516490-1425068873
Opcode ID: 3e6a7942dcd586a7a49b8a6bb3be91ca61c6799065a0667dcb4dc35582bb248e
Instruction ID: b0b605cea56824aa5dbcf523a2e1657e3ff4ff3883325843012b21d6e7ec30d3
Opcode Fuzzy Hash: 3e6a7942dcd586a7a49b8a6bb3be91ca61c6799065a0667dcb4dc35582bb248e
Instruction Fuzzy Hash: 3A419F7270068081FB27EB22E854BEB63A1F79CBC8F888021EB4547AB5DF79C585C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006C3C0 Relevance: 24.2, APIs: 16, Instructions: 223filewindowCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C3FF
GetFullPathNameW.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C449
GetFileAttributesW.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C488
GetFileAttributesW.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C4CA
FindFirstFileW.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C511
GetLastError.KERNEL32(?,?,?,?,?,00000001400289CF), ref: 000000014006C520
GetTickCount.KERNEL32 ref: 000000014006C610
PeekMessageW.USER32 ref: 000000014006C63C
GetTickCount.KERNEL32 ref: 000000014006C653
MoveFileW.KERNEL32 ref: 000000014006C6DC
DeleteFileW.KERNEL32 ref: 000000014006C6F2
MoveFileW.KERNEL32 ref: 000000014006C70A
CopyFileW.KERNEL32 ref: 000000014006C719
GetLastError.KERNEL32 ref: 000000014006C723
FindNextFileW.KERNEL32 ref: 000000014006C735
FindClose.KERNEL32 ref: 000000014006C756

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: File$Find$AttributesCountErrorFullLastMoveNamePathTick$CloseCopyDeleteFirstMessageNextPeek
String ID:
API String ID: 1736343220-0
Opcode ID: eeb903dc2d26a3fe0958f64a3cc15026f3b927be2c8f746f5084ed9a988314bb
Instruction ID: 79b3006321cdf311a7d10382ef0949fd9525ff1e63cb107ac64a1da45b11b71d
Opcode Fuzzy Hash: eeb903dc2d26a3fe0958f64a3cc15026f3b927be2c8f746f5084ed9a988314bb
Instruction Fuzzy Hash: B5A1A132210A8185EB22DF26E840BFD33A1FB58BD8FA48611EB5D476F4DB74C685C750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029EF0 Relevance: 23.2, APIs: 6, Strings: 7, Instructions: 424windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014002A241

Strings

Check, xrefs: 000000014002A0E3
Vis, xrefs: 000000014002A1C1
Icon, xrefs: 000000014002A17C
Invalid option., xrefs: 000000014002A203
Focus, xrefs: 000000014002A099
Select, xrefs: 000000014002A04F
Col, xrefs: 000000014002A142

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID: Check$Col$Focus$Icon$Invalid option.$Select$Vis
API String ID: 3850602802-503926001
Opcode ID: 56e7e41665cdd55afb47ab008465baf9f3a554faa61e1f3d68e3f630b27a7e33
Instruction ID: f4f219a7b6826fc0400ce4600ac753c9ab3edae5d44c9388f5bd7dce007dbd80
Opcode Fuzzy Hash: 56e7e41665cdd55afb47ab008465baf9f3a554faa61e1f3d68e3f630b27a7e33
Instruction Fuzzy Hash: 1512CF7260468086EB66DF26D4543EA37A1E78EBD8F44411AFF4A47AB9DF7CC984C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001FC20 Relevance: 19.8, APIs: 13, Instructions: 301keyboardthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 000000014001FC70
MapVirtualKeyW.USER32 ref: 000000014001FCEF

Part of subcall function 0000000140023EF0: MapVirtualKeyW.USER32(?,?,000005DC,000000014001FD0C), ref: 0000000140023F24

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Virtual$CurrentThread
String ID:
API String ID: 1638833223-0
Opcode ID: bdc894e039ec52adf191c63eec82c27dafdd723dc9a4fdc7f7397218c6bde346
Instruction ID: dcd510dc6539ebb3944c50732aecd2de39c8cd898c3e5886c8b3ff5954b95174
Opcode Fuzzy Hash: bdc894e039ec52adf191c63eec82c27dafdd723dc9a4fdc7f7397218c6bde346
Instruction Fuzzy Hash: 48C136712002A086F7779B27A5503FA66E2BB9D7C4F04452AFF860B6F5CB7A8C45E310

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006CBC0 Relevance: 18.2, APIs: 12, Instructions: 179processsynchronizationCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 000000014006CD04
GetProcessId.KERNEL32 ref: 000000014006CD1A
WaitForSingleObject.KERNEL32 ref: 000000014006CD29
CloseHandle.KERNEL32 ref: 000000014006CD34
GetLastError.KERNEL32 ref: 000000014006CD53
CreateToolhelp32Snapshot.KERNEL32 ref: 000000014006CD75
Process32FirstW.KERNEL32 ref: 000000014006CD86
Process32NextW.KERNEL32 ref: 000000014006CD94
Process32NextW.KERNEL32 ref: 000000014006CDE0
CloseHandle.KERNEL32 ref: 000000014006CDED
CloseHandle.KERNEL32 ref: 000000014006CE26
CloseHandle.KERNEL32 ref: 000000014006CE38

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CloseHandle$Process32$NextProcess$CreateErrorFirstLastObjectOpenSingleSnapshotToolhelp32Wait
String ID:
API String ID: 2845856064-0
Opcode ID: 8fc793c337cb8315fa228c8d38c63f260dd849eef2875a683f8c5c7517d8da3b
Instruction ID: 4d50bce82f579856e269fa22d620e2ab2d71889743dcb0b7f492f2bea5b5d47e
Opcode Fuzzy Hash: 8fc793c337cb8315fa228c8d38c63f260dd849eef2875a683f8c5c7517d8da3b
Instruction Fuzzy Hash: 9861543621468142EA7697179D44BFE62A2FB4DBD1F688825FF4D436F4EB38C841D310

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000260C Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 184windowthreadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014000192B
GetMessageW.USER32 ref: 0000000140001981
GetForegroundWindow.USER32 ref: 00000001400024EC
GetWindowThreadProcessId.USER32 ref: 0000000140002503
GetClassNameW.USER32 ref: 0000000140002525
IsDialogMessageW.USER32 ref: 0000000140002573
GetClassLongW.USER32 ref: 0000000140002619
GetWindowLongPtrW.USER32 ref: 000000014000263A

Strings

#32770, xrefs: 0000000140002535

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ClassLongMessage$CountDialogForegroundNameProcessThreadTick
String ID: #32770
API String ID: 3033631328-463685578
Opcode ID: 1e76b0e4848886d363f8ac671c2fa73e534208e57d0e1302b471ff45dec0e4c9
Instruction ID: 81857a2477c59fec3a28fb6101180fd9410f6b86d682e023a6a8ec29183bb257
Opcode Fuzzy Hash: 1e76b0e4848886d363f8ac671c2fa73e534208e57d0e1302b471ff45dec0e4c9
Instruction Fuzzy Hash: 97914AB620868086EB66CB27E8543E977A2F78DBD4F544115EF4A177B8CB38C945DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000C0B4 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 426fileCOMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 000000014000C22E
WriteFile.KERNEL32 ref: 000000014000C588
CloseHandle.KERNEL32 ref: 000000014000C5B4
WriteFile.KERNEL32 ref: 000000014000C64C
CloseHandle.KERNEL32 ref: 000000014000C678

Strings

VUUU, xrefs: 000000014000C2FD
</response>, xrefs: 000000014000C4FF
<response command="source" success="1" transaction_id="%e" encoding="base64">, xrefs: 000000014000C292
<response command="source" success="0" transaction_id="%e"/>, xrefs: 000000014000C6BD

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CloseFileHandleWrite$Info
String ID: </response>$<response command="source" success="0" transaction_id="%e"/>$<response command="source" success="1" transaction_id="%e" encoding="base64">$VUUU
API String ID: 1727933286-561900851
Opcode ID: 4fbc946d99f13ef0f90a1f74e9d82280b969860613419e885f5a362edcbf26e1
Instruction ID: 4615b18248b3e48fc43e6b1d6530294d79f78952ad8a579c7af3c1935341cbde
Opcode Fuzzy Hash: 4fbc946d99f13ef0f90a1f74e9d82280b969860613419e885f5a362edcbf26e1
Instruction Fuzzy Hash: 3812CEB2325B4086EB66CF66E450BED63A0FB48BD4F545219FF5A67AA9CF38C540C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005CE30 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 331registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,000000014005A8EF), ref: 000000014005CEF2
RegQueryInfoKeyW.ADVAPI32 ref: 000000014005CF3B
RegCloseKey.ADVAPI32(?,?,?,?,?,000000014005A8EF), ref: 000000014005CF4A
RegEnumValueW.ADVAPI32 ref: 000000014005CFE2
RegEnumKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000014005A8EF), ref: 000000014005D0E7
GetTickCount.KERNEL32 ref: 000000014005D196

Part of subcall function 000000014005A010: GetTickCount.KERNEL32 ref: 000000014005A087
Part of subcall function 000000014005A010: PeekMessageW.USER32 ref: 000000014005A0B8
Part of subcall function 000000014005A010: GetTickCount.KERNEL32 ref: 000000014005A0CF
Part of subcall function 000000014005A010: GetTickCount.KERNEL32 ref: 000000014005A145

GetTickCount.KERNEL32 ref: 000000014005D296
RegCloseKey.ADVAPI32(?,?,?,?,?,000000014005A8EF), ref: 000000014005D3C8

Strings

%s%s%s, xrefs: 000000014005D336

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$CloseEnum$InfoMessageOpenPeekQueryValue
String ID: %s%s%s
API String ID: 1940444692-3094730333
Opcode ID: d2e61b8c64aba5085da4612e3398950bc9e37db3df35f515e4e01106ab508119
Instruction ID: 2ad3fe5e436fb87da2629d57f012d4a1b20e8c91a61a376b7c046a89718a74ed
Opcode Fuzzy Hash: d2e61b8c64aba5085da4612e3398950bc9e37db3df35f515e4e01106ab508119
Instruction Fuzzy Hash: F3F11572604B8189EB72CF66A8807EA73A5F78D7D4F144126EB9D47BB8DB39C541C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400027CE Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 153windowCOMMON

Download Yara Rule

APIs

GetMessageW.USER32 ref: 0000000140001981
GetClassLongW.USER32 ref: 00000001400027DF
GetWindowLongPtrW.USER32 ref: 00000001400027FE
DragFinish.SHELL32 ref: 0000000140002CD5

Strings

#32770, xrefs: 0000000140002535

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Long$ClassDragFinishMessageWindow
String ID: #32770
API String ID: 2113207214-463685578
Opcode ID: 5d19153865f3a67c9ce714ee3aae9ced3635b607635fcc42d4316b31770b0af9
Instruction ID: 97bca13195f52d4a0f1a975ca4f30a0bb5ac03896678fe6696676ef65dd9e863
Opcode Fuzzy Hash: 5d19153865f3a67c9ce714ee3aae9ced3635b607635fcc42d4316b31770b0af9
Instruction Fuzzy Hash: 827134B660965086FB66CB27E8503E937A2FB8DBD0F548115EF4A17BB4CB38C945DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007780 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 67clipboardCOMMON

Download Yara Rule

APIs

GetClipboardFormatNameW.USER32 ref: 00000001400077BA
GetClipboardData.USER32 ref: 0000000140007882

Strings

ObjectLink, xrefs: 00000001400077DF
OwnerLink, xrefs: 00000001400077F4
Link Source, xrefs: 00000001400077C6
MSDEVColumnSelect, xrefs: 0000000140007833
MSDEVLineSelect, xrefs: 0000000140007848
Native, xrefs: 0000000140007809
Embed Source, xrefs: 000000014000781E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Clipboard$DataFormatName
String ID: Embed Source$Link Source$MSDEVColumnSelect$MSDEVLineSelect$Native$ObjectLink$OwnerLink
API String ID: 3172747766-1844231336
Opcode ID: e3c9a9746ac282e7e970d11fdd9b8935da4bda7c7ad7a125f40c8527a37e865e
Instruction ID: d81249cccab82eab5bede757a5be7dc1a70160123ca47dfcbc755457e08b0b5b
Opcode Fuzzy Hash: e3c9a9746ac282e7e970d11fdd9b8935da4bda7c7ad7a125f40c8527a37e865e
Instruction Fuzzy Hash: 1C311EB261464291FB26DB16F8947E923A1F79C3C4F848026BB4D875B5EF7CC649D700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003F960 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 410windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 000000014003FDDD
GetForegroundWindow.USER32 ref: 000000014003FE93
IsWindowVisible.USER32 ref: 000000014003FEB6
DwmGetWindowAttribute.DWMAPI ref: 000000014003FEE4

Strings

., xrefs: 000000014003FA70
%.17g, xrefs: 000000014003FA15
Target window not found., xrefs: 000000014003FC14, 000000014003FC59
ahk_group, xrefs: 000000014003FAB5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$AttributeForegroundShowVisible
String ID: %.17g$.$Target window not found.$ahk_group
API String ID: 796407916-1395348258
Opcode ID: 6799b98d8746d82bc15af626af90635f3ab0b693c892f4710665c9785bbc5909
Instruction ID: ff3bf67e8d97b4c26144dec6605fe8c02aefe9509e9e8219b1ed718545242788
Opcode Fuzzy Hash: 6799b98d8746d82bc15af626af90635f3ab0b693c892f4710665c9785bbc5909
Instruction Fuzzy Hash: 7202CB7120468589FB63AB23A5143FB73A1FB8DBC8F544126EF49476B5EB78C880E700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002F820 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 326libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000000014002F858
GetProcAddress.KERNEL32 ref: 000000014002F868
GetModuleHandleW.KERNEL32 ref: 000000014002FAA7
GetProcAddress.KERNEL32 ref: 000000014002FAB7

Strings

SystemFunction036, xrefs: 000000014002F861, 000000014002FAB0
Number, xrefs: 000000014002F963, 000000014002F980
Advapi32, xrefs: 000000014002F84B, 000000014002FAA0
An internal function call failed., xrefs: 000000014002FC80

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32$An internal function call failed.$Number$SystemFunction036
API String ID: 1646373207-678479747
Opcode ID: e95c01405ecc2da4f765c8ea9c71eba1169503b08c637fb28b225376fb0af0b6
Instruction ID: 19924129e6589892fd92434f36f4263114a956f4f837f98662d3aad899fe02a9
Opcode Fuzzy Hash: e95c01405ecc2da4f765c8ea9c71eba1169503b08c637fb28b225376fb0af0b6
Instruction Fuzzy Hash: 31D1A371604A4481EA67DB2795647FA6391AB8DBD0F69823AFB0E177B1DF35CC81E300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029780 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 106fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 0000000140029823
FindFirstFileW.KERNEL32 ref: 0000000140029867
FindNextFileW.KERNEL32 ref: 00000001400298A2
FindNextFileW.KERNEL32 ref: 00000001400298CA
FindClose.KERNEL32 ref: 00000001400298E1
FindClose.KERNEL32 ref: 00000001400298F3

Strings

., xrefs: 00000001400298AC
\\?\, xrefs: 00000001400297B8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Find$File$CloseNext$AttributesFirst
String ID: .$\\?\
API String ID: 318733699-1717246988
Opcode ID: 22ebcf6ab1c161f610ed45ce32986bf010b8e8e85ea7b26165e20528d1e8c9d1
Instruction ID: 1ccb5ffe96613daf382a1888bec778e6dd3c4fa64e28d0b95ed2322420ad28ba
Opcode Fuzzy Hash: 22ebcf6ab1c161f610ed45ce32986bf010b8e8e85ea7b26165e20528d1e8c9d1
Instruction Fuzzy Hash: BE418E3660478181EB628F17F8503B962A1FB9ABD0F9C9229FB95436E4DF78CD85C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002716C Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 42COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceW.KERNEL32 ref: 00000001400271B3
GetLastError.KERNEL32 ref: 00000001400271BD

Strings

Ready, xrefs: 00000001400271FF
Unknown, xrefs: 00000001400271DB
NotReady, xrefs: 00000001400271E4
ReadOnly, xrefs: 00000001400271ED
Invalid, xrefs: 00000001400271F6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DiskErrorFreeLastSpace
String ID: Invalid$NotReady$ReadOnly$Ready$Unknown
API String ID: 1766372604-585993333
Opcode ID: 39f7dcb66a60f25c6d2e69e45326e2c6d401d6957d6538df47d80c0d9d147818
Instruction ID: f5dee007f64a9122d804245272e6d1e8f29747ad2550171696cf5cf1ad3324c8
Opcode Fuzzy Hash: 39f7dcb66a60f25c6d2e69e45326e2c6d401d6957d6538df47d80c0d9d147818
Instruction Fuzzy Hash: 11115271204A46D1EA67CB1AE888BE92365FB4C780F844116F78D43AB4EB38CD59C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005C950 Relevance: 12.3, APIs: 8, Instructions: 281fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32 ref: 000000014005CA50
FindNextFileW.KERNEL32 ref: 000000014005CA85
GetTickCount.KERNEL32 ref: 000000014005CB81
FindNextFileW.KERNEL32 ref: 000000014005CBE6

Part of subcall function 000000014005C950: FindNextFileW.KERNEL32 ref: 000000014005CDED
Part of subcall function 000000014005C950: FindClose.KERNEL32 ref: 000000014005CDFE

FindClose.KERNEL32 ref: 000000014005CC1F
FindFirstFileW.KERNEL32 ref: 000000014005CC68

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Find$File$Next$CloseFirst$CountTick
String ID:
API String ID: 1617099276-0
Opcode ID: d7e8f7a13cf5937fcef5dfaf0eb8f43e62a6d551720171a470e76beec005620e
Instruction ID: e1b1713c91f2ef48adf5d10faf617cc97376aa767caaed075739504fcd9a9a46
Opcode Fuzzy Hash: d7e8f7a13cf5937fcef5dfaf0eb8f43e62a6d551720171a470e76beec005620e
Instruction Fuzzy Hash: 55D1E271214B8486EB62DF26E8447EA77E0F389BD4F448225EBAA477F4DB79C445C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400210C0 Relevance: 10.7, APIs: 7, Instructions: 243COMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 0000000140021176
GetSystemMetrics.USER32 ref: 00000001400211CD
GetSystemMetrics.USER32 ref: 00000001400211DF
GetCursorPos.USER32 ref: 0000000140021254

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CursorMetricsSystem
String ID:
API String ID: 3091566494-0
Opcode ID: 148dbb4d9735cfe6e568a12dcb01c333680b3be8af3b9b687c4d3f1dbba1073d
Instruction ID: 8003d722f9eb6136db5916c577753cedd06e7849ed5ef1ccd2222fe45aff6d8c
Opcode Fuzzy Hash: 148dbb4d9735cfe6e568a12dcb01c333680b3be8af3b9b687c4d3f1dbba1073d
Instruction Fuzzy Hash: 1F91E2723006508BE7168FABA9803ED32D2B7DC7C0F14412CFB86C3AA5CA39DD958B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E241 Relevance: 10.7, APIs: 7, Instructions: 160keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 000000014001F257
GetKeyState.USER32 ref: 000000014001F26A
GetForegroundWindow.USER32 ref: 000000014001F2B1
GetWindowThreadProcessId.USER32 ref: 000000014001F2BC
AttachThreadInput.USER32 ref: 000000014001F2F9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: 9f65819b8ecd6293ebf423b4a65d5416498106c53898bcb167ee0af9b2c0bbb1
Instruction ID: 28b1e2376583cbdaec120c0af34dd6cd9aac9ac74a9abc402754f8557421bb7e
Opcode Fuzzy Hash: 9f65819b8ecd6293ebf423b4a65d5416498106c53898bcb167ee0af9b2c0bbb1
Instruction Fuzzy Hash: E081F172504280CAF7639B2BE8447F93BA1E74C7D8F04411AF7854B6F6CB3A8586EB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140023080 Relevance: 10.6, APIs: 7, Instructions: 139keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 0000000140023093
ToUnicodeEx.USER32 ref: 00000001400230F7
ToUnicodeEx.USER32 ref: 000000014002312E
ToUnicodeEx.USER32 ref: 000000014002315E
VkKeyScanExW.USER32 ref: 0000000140023189
ToUnicodeEx.USER32 ref: 0000000140023254
MapVirtualKeyExW.USER32 ref: 0000000140023296

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Unicode$KeyboardLayoutScanVirtual
String ID:
API String ID: 128590864-0
Opcode ID: e95ce8d7020b94cddf26b5795dcdaeead364c31cb0d02bb84069c8a326ae1757
Instruction ID: 90008bd4731f4e1de881c1b368101e20e072822b3be411406866e40227106f9a
Opcode Fuzzy Hash: e95ce8d7020b94cddf26b5795dcdaeead364c31cb0d02bb84069c8a326ae1757
Instruction Fuzzy Hash: F151D03220469486F7768B12E4153EAB3A1F78D795F88811AFBC9036E9CB3CC949CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029230 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 93timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32 ref: 00000001400292E1
GetLastError.KERNEL32 ref: 00000001400292ED
FindClose.KERNEL32 ref: 0000000140029307
FileTimeToLocalFileTime.KERNEL32 ref: 0000000140029318
FileTimeToSystemTime.KERNEL32 ref: 000000014002933F

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 0000000140029379

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FileTime$Find$CloseErrorFirstLastLocalSystem
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 3800350769-4847443
Opcode ID: 11b5ae121aede2ce4c9f4d89fbd3a9dfef37191a8fa5636ba0adf2821004d211
Instruction ID: 936e0c331740e7d57fc4235fff54236f7f592c7bbaa422ee563d3cd24c1da6db
Opcode Fuzzy Hash: 11b5ae121aede2ce4c9f4d89fbd3a9dfef37191a8fa5636ba0adf2821004d211
Instruction Fuzzy Hash: C5419E72618681D2EB658F16F0843EDB761F788BD4F548116FB99436E8DB3CC985C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400011A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000001400011BE
GetProcAddress.KERNEL32 ref: 00000001400011CE
GetVersionExW.KERNEL32 ref: 00000001400011FE

Strings

RtlGetVersion, xrefs: 00000001400011C7
%u.%u.%u, xrefs: 000000014000120A
ntdll.dll, xrefs: 00000001400011B1

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AddressHandleModuleProcVersion
String ID: %u.%u.%u$RtlGetVersion$ntdll.dll
API String ID: 3310240892-3038598640
Opcode ID: 4f43a9c3fda9c7a89a565173d939fc814dad5b3c4a1bc23df9a25d21b49f90d9
Instruction ID: 5ff04c1bdf52c8e3a375902f28dd0cbd055b095ad91d7d105ecabcd8b26ad957
Opcode Fuzzy Hash: 4f43a9c3fda9c7a89a565173d939fc814dad5b3c4a1bc23df9a25d21b49f90d9
Instruction Fuzzy Hash: 90415EF0A092818AF713DB67BA40FD63BA0A76DB44F84004DDB68937B1DA7DC548C751

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026B3C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82fileCOMMON

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32 ref: 0000000140026BBA
CreateFileW.KERNEL32 ref: 0000000140026BEE
DeviceIoControl.KERNEL32 ref: 0000000140026C38
CloseHandle.KERNEL32 ref: 0000000140026C43

Strings

., xrefs: 0000000140026B69
\, xrefs: 0000000140026B5D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CloseControlCreateDeviceDriveFileHandleType
String ID: .$\
API String ID: 3103408351-1588022913
Opcode ID: 54badcbd39a72c38a623f2e6fa07f4e9766c1ec956f62831d5e58ba943f9a138
Instruction ID: 54591f6ccdbe6058aab5265b11a7fa8376d8960a265ac652398455d77e7d4fcf
Opcode Fuzzy Hash: 54badcbd39a72c38a623f2e6fa07f4e9766c1ec956f62831d5e58ba943f9a138
Instruction Fuzzy Hash: CE31A176710A40CAE721CF72A8447ED37A4F7487D8F555619EF99A3BA8CB38C985CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400295E0 Relevance: 9.1, APIs: 6, Instructions: 97fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140029654
GetFileSizeEx.KERNEL32 ref: 0000000140029676
CloseHandle.KERNEL32 ref: 0000000140029681
FindFirstFileW.KERNEL32 ref: 00000001400296A5
GetLastError.KERNEL32 ref: 00000001400296B1
FindClose.KERNEL32 ref: 00000001400296E6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: File$CloseFind$CreateErrorFirstHandleLastSize
String ID:
API String ID: 2200430037-0
Opcode ID: 18a5b86213b0339e7c79b28b6d11e2ef0b8e8398862aa857ecf8383ed2c9c57c
Instruction ID: f38c011088169c92639564752aec75cb9a54368eef77fa6db70493ace0f5d1e9
Opcode Fuzzy Hash: 18a5b86213b0339e7c79b28b6d11e2ef0b8e8398862aa857ecf8383ed2c9c57c
Instruction Fuzzy Hash: 92417F76218B8086EB729F16F4487A977A1F74CBE0F148619EF5947BB4DB38C8419700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D00D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400D0151
RtlLookupFunctionEntry.KERNEL32 ref: 00000001400D0169
RtlVirtualUnwind.KERNEL32 ref: 00000001400D01A4
IsDebuggerPresent.KERNEL32 ref: 00000001400D01DD
SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400D01E7
UnhandledExceptionFilter.KERNEL32 ref: 00000001400D01F2

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 424bca160bff8f16c28186baba2ed76aba4c4cbd6a2a66caac757d17b9f4fdc5
Instruction ID: e6106713e9931a14a6ad76546475ca85d0f20a2f685bd26d91b072e9ae843756
Opcode Fuzzy Hash: 424bca160bff8f16c28186baba2ed76aba4c4cbd6a2a66caac757d17b9f4fdc5
Instruction Fuzzy Hash: EA314936214F8086EB618F26E8447EE73A4FB89794F544126EB9D43BA9DF38C5468B10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002C050 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 452COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 000000014002C105
IsCharAlphaW.USER32 ref: 000000014002C4C6

Strings

Out of memory., xrefs: 000000014002C575

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AlphaCharKeyboardLayout
String ID: Out of memory.
API String ID: 1265737128-4087320997
Opcode ID: 15dca5860d2e74c77aeb69d3f03f0f7ed94de72c022857ba56cecfc583db2056
Instruction ID: 4ccbeaf6c6cd2b83b32988bc7f578437bc95a5b91a9b71cff082bf4324990826
Opcode Fuzzy Hash: 15dca5860d2e74c77aeb69d3f03f0f7ed94de72c022857ba56cecfc583db2056
Instruction Fuzzy Hash: 4802017A62466185FB269B6780607FE27A1E70C7D8F84402AFF8A17AF5D638C845D360

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009DF20 Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,000005DC,80000000,0000000140020C78), ref: 000000014009DF55
IsIconic.USER32 ref: 000000014009DF66
GetWindowRect.USER32 ref: 000000014009DF7D
ClientToScreen.USER32 ref: 000000014009DFA1

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ClientForegroundIconicRectScreen
String ID:
API String ID: 4031265896-0
Opcode ID: 41106bca8e4d6fdee1269fd7711f10c2eee4d523243b74d23d70f71a623b0654
Instruction ID: 1e5b58f1f12b006bc8d336e935c356a55b24407bda8b50d3abaaa08a629e62ad
Opcode Fuzzy Hash: 41106bca8e4d6fdee1269fd7711f10c2eee4d523243b74d23d70f71a623b0654
Instruction Fuzzy Hash: CA111C3620478086E7619F5AF851769F3B1EB98BD4F048026FB8983B68EB7CC855CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400078A0 Relevance: 6.0, APIs: 4, Instructions: 47clipboardCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00000001400078C1
OpenClipboard.USER32 ref: 00000001400078D0
GetTickCount.KERNEL32 ref: 00000001400078EF
OpenClipboard.USER32 ref: 000000014000792A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ClipboardCountOpenTick
String ID:
API String ID: 420724667-0
Opcode ID: a48e17466997e5ac35c7dfe74067a632dbb42f07f43360ba36abceb57f30a5ae
Instruction ID: d09b8feaa4d8e01456d64f682ad2d4a7b9ec1128acd7469e45b344cda75df2ce
Opcode Fuzzy Hash: a48e17466997e5ac35c7dfe74067a632dbb42f07f43360ba36abceb57f30a5ae
Instruction Fuzzy Hash: B4118CB0A11A4082F7569F23F8847A932A2FB8CB84F448128EB4D837B5DB7CC4459B10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400342D0 Relevance: 4.6, APIs: 3, Instructions: 133comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 0000000140034310
CoTaskMemFree.OLE32 ref: 000000014003440F
CoTaskMemFree.OLE32 ref: 0000000140034431

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FreeTask$CreateInstance
String ID:
API String ID: 2903366249-0
Opcode ID: de130d481df6d246c8daeabcfd6670aa84f9b1bf6eb00bec03ca93117cdf682a
Instruction ID: 777b2e01834d3a1d8fc253f6b0307b3dcbd23a40f4199b8289b27b5cd4028ce5
Opcode Fuzzy Hash: de130d481df6d246c8daeabcfd6670aa84f9b1bf6eb00bec03ca93117cdf682a
Instruction Fuzzy Hash: 2241363A301A5482EB16DFA7D8503AE67A1FB88BD8F548021EF0947B65DF35D84AC340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068600 Relevance: 4.6, APIs: 3, Instructions: 58keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 0000000140068621

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 3996871507479036042684bcc4021d9056f638709d0320c508f73213e79c6dda
Instruction ID: 753206a5835683367809f88daa9ef4f9472e5889a422fe984dbc783afa635e9f
Opcode Fuzzy Hash: 3996871507479036042684bcc4021d9056f638709d0320c508f73213e79c6dda
Instruction Fuzzy Hash: D11104B2A1000443FB775727D8A93F823D3E76D791F985A04FB59072F5EA394ADA8710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003D3B0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32 ref: 000000014003D3DD
GetUserNameW.ADVAPI32 ref: 000000014003D3E5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Name$ComputerUser
String ID:
API String ID: 4229901323-0
Opcode ID: eb6e886ef39af206d3f3327bd0b8fb97085d052b64a8f252ebfaca08e5dfc3a5
Instruction ID: 32cd38a5ae7f9d9d058559465e7d8956614bb015f5e85b4939abdd8f3aff5431
Opcode Fuzzy Hash: eb6e886ef39af206d3f3327bd0b8fb97085d052b64a8f252ebfaca08e5dfc3a5
Instruction Fuzzy Hash: 9A215832204B8492EA269F12E1903DE73B4F74CBD4F458226EBAD437A1EF78D695C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140043590 Relevance: 3.0, APIs: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

IsZoomed.USER32 ref: 00000001400435BB
IsIconic.USER32 ref: 00000001400435DB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: IconicZoomed
String ID:
API String ID: 435559836-0
Opcode ID: 2a8e69cc5ae1fddbdf88daa0268b87576c453ce8237c10e4bcfeb49a51466850
Instruction ID: 8f9127c491b996b4847d71c8234740fac82b451291c4ddedd448e0e4b26e1660
Opcode Fuzzy Hash: 2a8e69cc5ae1fddbdf88daa0268b87576c453ce8237c10e4bcfeb49a51466850
Instruction Fuzzy Hash: 13F03A71608A8486DB119B2AE85039A6BA0F7DABC4FA04121FB8DC37B4DE3DC5468B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140048D4A Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 0000000140048D6C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: KeyboardLayout
String ID:
API String ID: 194098044-0
Opcode ID: aa1ee48bbcc0d2d99731703874260b3da3270325b6916f486c62deb5a078c9d6
Instruction ID: 02948c7bad4c4e422c11b89e1abe5ab7a936529dc2eb7e288da650bcf4cd9432
Opcode Fuzzy Hash: aa1ee48bbcc0d2d99731703874260b3da3270325b6916f486c62deb5a078c9d6
Instruction Fuzzy Hash: 0C11017250159085E7768B6AD0103FE77B1EB29BD8F4A8832FF82431E4E738C855C319

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002CFA0 Relevance: 73.9, APIs: 40, Strings: 2, Instructions: 400windowtimelibraryCOMMON

Download Yara Rule

APIs

SetWindowLongPtrW.USER32 ref: 000000014002D03D
SendDlgItemMessageW.USER32 ref: 000000014002D064
SetWindowTextW.USER32 ref: 000000014002D070
SetDlgItemTextW.USER32 ref: 000000014002D082
GetModuleHandleW.KERNEL32 ref: 000000014002D08F
GetProcAddress.KERNEL32 ref: 000000014002D09F
SetDlgItemTextW.USER32 ref: 000000014002D0BC
SetDlgItemTextW.USER32 ref: 000000014002D0D4
GetClientRect.USER32 ref: 000000014002D0E1
GetWindowLongW.USER32 ref: 000000014002D111
AdjustWindowRect.USER32 ref: 000000014002D120
SystemParametersInfoW.USER32 ref: 000000014002D157
MoveWindow.USER32 ref: 000000014002D1B2
GetClientRect.USER32 ref: 000000014002D1BF
SendMessageW.USER32 ref: 000000014002D1DB
SetDlgItemTextW.USER32 ref: 000000014002D1F2
GetForegroundWindow.USER32 ref: 000000014002D1F8
SendMessageW.USER32 ref: 000000014002D239
SendMessageW.USER32 ref: 000000014002D24E
SetTimer.USER32 ref: 000000014002D26E
GetDlgItem.USER32 ref: 000000014002D281
GetWindowRect.USER32 ref: 000000014002D28E
GetDlgItem.USER32 ref: 000000014002D2A2
GetWindowRect.USER32 ref: 000000014002D2AF
GetWindowLongPtrW.USER32 ref: 000000014002D2E2
GetDlgItem.USER32 ref: 000000014002D2F3
KillTimer.USER32 ref: 000000014002D31C
EndDialog.USER32 ref: 000000014002D329
GetDlgItem.USER32 ref: 000000014002D35A
GetWindowRect.USER32 ref: 000000014002D36F
MoveWindow.USER32 ref: 000000014002D3DE
GetDlgItem.USER32 ref: 000000014002D3EC
GetWindowRect.USER32 ref: 000000014002D406
MoveWindow.USER32 ref: 000000014002D470

Strings

user32.dll, xrefs: 000000014002D088
MB_GetString, xrefs: 000000014002D098

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Item$Rect$Text$MessageSend$LongMove$ClientTimer$AddressAdjustDialogForegroundHandleInfoKillModuleParametersProcSystem
String ID: MB_GetString$user32.dll
API String ID: 1342405604-1499153162
Opcode ID: 1fa8083e5e2a84330fe11154431abb781694cbe8818833f8754b6cabe81ea8d7
Instruction ID: 7aa84403fa8cafd2ea37ad6e16d9102f360cd6579235d4fcd5ca4ab372027f5d
Opcode Fuzzy Hash: 1fa8083e5e2a84330fe11154431abb781694cbe8818833f8754b6cabe81ea8d7
Instruction Fuzzy Hash: 12F170727106008BE725CB6AE9547BD37A2F74CBC4F548129EF4A53BA8DF38D9468710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002A6B0 Relevance: 46.0, APIs: 9, Strings: 17, Instructions: 466windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014002A722
SendMessageW.USER32 ref: 000000014002A768

Strings

Icon, xrefs: 000000014002AB0B
Invalid option., xrefs: 000000014002AC34
Right, xrefs: 000000014002A936, 000000014002AB1F
Left, xrefs: 000000014002A980
Sort, xrefs: 000000014002AA5F
Locale, xrefs: 000000014002AA04
Desc, xrefs: 000000014002A9C4, 000000014002AA73
Case, xrefs: 000000014002A9EB
Hdr, xrefs: 000000014002AADF
Logical, xrefs: 000000014002AA37
Text, xrefs: 000000014002A915
Uni, xrefs: 000000014002A9A3
Float, xrefs: 000000014002A8EB
Center, xrefs: 000000014002A95A
NoSort, xrefs: 000000014002AAA4
Auto, xrefs: 000000014002AACB
Integer, xrefs: 000000014002A8BB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID: Auto$Case$Center$Desc$Float$Hdr$Icon$Integer$Invalid option.$Left$Locale$Logical$NoSort$Right$Sort$Text$Uni
API String ID: 3850602802-3402781573
Opcode ID: 781617fb86264e587e45b8206646482e198b3693bb4d4c6b0d2fca88f1d24b76
Instruction ID: f1e2fa2d140c01f896ae1e2d70c5d367be161c25a4b2feedceaa14d210e1a881
Opcode Fuzzy Hash: 781617fb86264e587e45b8206646482e198b3693bb4d4c6b0d2fca88f1d24b76
Instruction Fuzzy Hash: 9F22CE727046918BFB26CB76D4407ED37B2A71A7C8F504029FF8A57AA9DE38C946D340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002B230 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 319windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014002B64A

Strings

Check, xrefs: 000000014002B4C9
Expand, xrefs: 000000014002B454
Vis, xrefs: 000000014002B3C2
Icon, xrefs: 000000014002B51B
VisFirst, xrefs: 000000014002B3DF
Invalid option., xrefs: 000000014002B609
Bold, xrefs: 000000014002B402
Select, xrefs: 000000014002B38D
Sort, xrefs: 000000014002B552
First, xrefs: 000000014002B592

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID: Bold$Check$Expand$First$Icon$Invalid option.$Select$Sort$Vis$VisFirst
API String ID: 3850602802-2126331379
Opcode ID: a35d23067877e7015b532250066c81caee36de1cf9eac021e6917dad0cb0ba52
Instruction ID: 50f0c08742ed61d2032d47370e6e6bf9f5ffc10c001e9f4cd7093ed0a6264e57
Opcode Fuzzy Hash: a35d23067877e7015b532250066c81caee36de1cf9eac021e6917dad0cb0ba52
Instruction Fuzzy Hash: 43E1EE32704A958AFB62DB66D4407EE37B1E7487D8F50411AEF8A57AF9DB38C846C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140014920 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 399threadkeyboardwindowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 0000000140014A13
GetForegroundWindow.USER32 ref: 0000000140014A8A
GetWindowThreadProcessId.USER32 ref: 0000000140014AA1
GetGUIThreadInfo.USER32 ref: 0000000140014AB6
GetWindowThreadProcessId.USER32 ref: 0000000140014ACB
GetKeyboardLayout.USER32 ref: 0000000140014AD5
GetClassNameW.USER32 ref: 0000000140014B03
ToUnicodeEx.USER32 ref: 0000000140014C31
ToUnicodeEx.USER32 ref: 0000000140014C64
GetKeyState.USER32 ref: 0000000140014C86
ToUnicodeEx.USER32 ref: 0000000140014CF7
ToUnicodeEx.USER32 ref: 0000000140014E1F

Strings

ApplicationFrameWindow, xrefs: 0000000140014B09

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Unicode$ThreadWindow$Process$ClassForegroundInfoKeyboardLayoutMessageNamePostState
String ID: ApplicationFrameWindow
API String ID: 4050567146-3747838517
Opcode ID: 218e7b83f5eb2c8e7176f5ef3c350d603da5645422c7d04de95885cbc7f91e06
Instruction ID: 9292510e6e19fbebae22ff7e62855b3d51a8df17dfc9e347c0f09c5933e2d333
Opcode Fuzzy Hash: 218e7b83f5eb2c8e7176f5ef3c350d603da5645422c7d04de95885cbc7f91e06
Instruction Fuzzy Hash: A502D3722047D486EB228F26E4403EE77A1F78DB84F45421AEF895B7B5DB39C545CB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000FB00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 140windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014000FBBB
SendMessageW.USER32 ref: 000000014000FBD3
SendMessageW.USER32 ref: 000000014000FBF0
SendMessageW.USER32 ref: 000000014000FC5E
SendMessageW.USER32 ref: 000000014000FC79
SendMessageW.USER32 ref: 000000014000FCC0
SendMessageW.USER32 ref: 000000014000FCDC
SendMessageW.USER32 ref: 000000014000FD4E

Strings

Call stack:, xrefs: 000000014000FBC1
Stack, xrefs: 000000014000FB43
\, xrefs: 000000014000FB95
.ahk (, xrefs: 000000014000FC80
!, xrefs: 000000014000FBA2
\, xrefs: 000000014000FC32
, xrefs: 000000014000FC50
!, xrefs: 000000014000FC40

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID: $!$!$.ahk ($Call stack:$Stack$\$\
API String ID: 3850602802-136706711
Opcode ID: 396a792ce5b3ea134f5c815ade6e08470a872f25e6ec387ecba99cd2aa2588f6
Instruction ID: 82d9148081cc5120461263ebf3aba5b1402e1cb0383f69feef038900162a5702
Opcode Fuzzy Hash: 396a792ce5b3ea134f5c815ade6e08470a872f25e6ec387ecba99cd2aa2588f6
Instruction Fuzzy Hash: 3A513F72204A8582EB21DF56E4157EE73A1FB88BC4F54C026AB4943FA4DB7CD58ADB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000CA44 Relevance: 26.5, APIs: 9, Strings: 6, Instructions: 278networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32 ref: 000000014000CA7D
socket.WSOCK32 ref: 000000014000CAAC
WSASetLastError.WSOCK32 ref: 000000014000CB0A
connect.WSOCK32 ref: 000000014000CB5F

Part of subcall function 000000014000CF74: MessageBoxW.USER32 ref: 000000014000CFA0

Strings

DBGP_COOKIE, xrefs: 000000014000CC51
An internal error has occurred in the debugger engine.Continue running the script without the debugger?, xrefs: 000000014000CA8A
DBGP_IDEKEY, xrefs: 000000014000CBB6
Failed to connect to an active debugger client., xrefs: 000000014000CB27
Failed to connect to an active debugger client.Continue running the script without the debugger?, xrefs: 000000014000CE7A
<init appid="AutoHotkey" ide_key="%e" session="%e" thread="%u" parent="" language="AutoHotkey" protocol_version="1.0" fileuri="%r"/>, xrefs: 000000014000CD1F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorLastMessageStartupconnectsocket
String ID: <init appid="AutoHotkey" ide_key="%e" session="%e" thread="%u" parent="" language="AutoHotkey" protocol_version="1.0" fileuri="%r"/>$An internal error has occurred in the debugger engine.Continue running the script without the debugger?$DBGP_COOKIE$DBGP_IDEKEY$Failed to connect to an active debugger client.$Failed to connect to an active debugger client.Continue running the script without the debugger?
API String ID: 729609403-3505966831
Opcode ID: 03d7cbc9fcde15db2010810b17c41da9f3b64f488473ba05652c4b7d578d9ee4
Instruction ID: cef4481e29f7d1c4b9233c321390a611709d51d03b3cf5d555c8ccf45293c4e7
Opcode Fuzzy Hash: 03d7cbc9fcde15db2010810b17c41da9f3b64f488473ba05652c4b7d578d9ee4
Instruction Fuzzy Hash: 3AD14AB2215B8082EB16DB66E850BE977A0F78CBC4F04461AEF5A57BB9DF38C541D700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046A30 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 229windowCOMMON

Download Yara Rule

APIs

DestroyIcon.USER32 ref: 0000000140046AE2
DestroyIcon.USER32 ref: 0000000140046AF0
GetSystemMetrics.USER32 ref: 0000000140046C08
GetSystemMetrics.USER32 ref: 0000000140046C15
GetSystemMetrics.USER32 ref: 0000000140046C55
GetSystemMetrics.USER32 ref: 0000000140046C62
DestroyIcon.USER32 ref: 0000000140046CA4
DestroyIcon.USER32 ref: 0000000140046CF2
DestroyIcon.USER32 ref: 0000000140046D00
GetModuleFileNameW.KERNEL32 ref: 0000000140046D36
GetFullPathNameW.KERNEL32 ref: 0000000140046D55
FreeLibrary.KERNEL32 ref: 0000000140046D87

Strings

Out of memory. The current thread will exit., xrefs: 0000000140046E27
HICON:, xrefs: 0000000140046B71
Can't load icon., xrefs: 0000000140046BDB, 0000000140046DBE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DestroyIcon$MetricsSystem$Name$FileFreeFullLibraryModulePath
String ID: Can't load icon.$HICON:$Out of memory. The current thread will exit.
API String ID: 3423328202-2238219798
Opcode ID: c5cda481bdfaaf9d95d0a3c9e0e07ea034255489de0d2e068af5f0976f90436a
Instruction ID: d5bbcad2a68653648f0d4a65e572c63bc90445fbbcb30f5494c0179a3427a7e8
Opcode Fuzzy Hash: c5cda481bdfaaf9d95d0a3c9e0e07ea034255489de0d2e068af5f0976f90436a
Instruction Fuzzy Hash: D4B17271304B8085EA669F23E8507EA27A5FB8DBC0F494029EF8957BB1EF38C441CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A2E70 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 213windowtimememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A31F0: EnumChildWindows.USER32 ref: 00000001400A32C2
Part of subcall function 00000001400A31F0: EnumChildWindows.USER32 ref: 00000001400A32EC

SendMessageTimeoutW.USER32 ref: 00000001400A2FA3
GetWindowThreadProcessId.USER32 ref: 00000001400A2FD2
OpenProcess.KERNEL32 ref: 00000001400A2FE2
VirtualAllocEx.KERNEL32 ref: 00000001400A3009
CloseHandle.KERNEL32 ref: 00000001400A301A
GetTickCount.KERNEL32 ref: 00000001400A303D
SendMessageTimeoutW.USER32 ref: 00000001400A3088
SendMessageTimeoutW.USER32 ref: 00000001400A30CF
ReadProcessMemory.KERNEL32 ref: 00000001400A30F6
IsWindow.USER32 ref: 00000001400A3122
GetTickCount.KERNEL32 ref: 00000001400A3134
VirtualFreeEx.KERNEL32 ref: 00000001400A3170
CloseHandle.KERNEL32 ref: 00000001400A3179

Strings

No StatusBar., xrefs: 00000001400A2EEA, 00000001400A2F22
msctls_statusbar321, xrefs: 00000001400A2E93

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageProcessSendTimeout$ChildCloseCountEnumHandleTickVirtualWindowWindows$AllocFreeMemoryOpenReadThread
String ID: No StatusBar.$msctls_statusbar321
API String ID: 3407604232-1591047504
Opcode ID: 3803c8052ae71d106e2f6689585dd4d7190f81ece6d8687426c21201564d11d4
Instruction ID: 5676ea86f47b7a4a1f921471c46261178ed1ae56b5332398b453c590ee096cde
Opcode Fuzzy Hash: 3803c8052ae71d106e2f6689585dd4d7190f81ece6d8687426c21201564d11d4
Instruction Fuzzy Hash: 42915D7630478086EB628B16F8547EA67A1FB9CBD4F444229FF8943BA4DB7CC585CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A2440 Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 370windowthreadCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,0000000140017E57), ref: 00000001400A24A7
IsWindowVisible.USER32 ref: 00000001400A24C1
DwmGetWindowAttribute.DWMAPI ref: 00000001400A24E4
IsWindow.USER32 ref: 00000001400A25CC
IsWindowVisible.USER32 ref: 00000001400A25EA
DwmGetWindowAttribute.DWMAPI(?,0000000140017E57), ref: 00000001400A260B
GetWindowLongW.USER32 ref: 00000001400A2626
GetWindowTextW.USER32 ref: 00000001400A267A
GetWindowThreadProcessId.USER32 ref: 00000001400A2697
GetWindowThreadProcessId.USER32 ref: 00000001400A26AF
GetClassNameW.USER32 ref: 00000001400A26F3
EnumChildWindows.USER32 ref: 00000001400A2994
EnumWindows.USER32 ref: 00000001400A29DD

Strings

, xrefs: 00000001400A2832

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$AttributeEnumProcessThreadVisibleWindows$ChildClassForegroundLongNameText
String ID:
API String ID: 461396857-3916222277
Opcode ID: 73d42d6d7e33039eeaee51972421491caf91df37a3043a67b4426a6877bbcbbe
Instruction ID: 31ce4df825730b6fcf4e9e7081eb39d1d19cf99ddaf825be9ba07fb76abfad00
Opcode Fuzzy Hash: 73d42d6d7e33039eeaee51972421491caf91df37a3043a67b4426a6877bbcbbe
Instruction Fuzzy Hash: A3027E7270478185FB668B6AD4447ED67A1FB687C8F044226FF4A57AB8DB78C9C0CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006E50 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 171clipboardCOMMON

Download Yara Rule

APIs

IsClipboardFormatAvailable.USER32 ref: 0000000140006E78
IsClipboardFormatAvailable.USER32 ref: 0000000140006E87
GlobalUnlock.KERNEL32 ref: 0000000140006F0E
CloseClipboard.USER32 ref: 0000000140006F1B

Part of subcall function 0000000140007600: GlobalUnlock.KERNEL32(?,?,?,?,0000000D,0000000140006F5A), ref: 0000000140007627
Part of subcall function 0000000140007600: CloseClipboard.USER32(?,?,?,?,0000000D,0000000140006F5A), ref: 0000000140007634

Strings

GlobalLock, xrefs: 0000000140006F4E
Can't open clipboard for reading., xrefs: 0000000140006EB6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Clipboard$AvailableCloseFormatGlobalUnlock
String ID: Can't open clipboard for reading.$GlobalLock
API String ID: 3455333789-2469064134
Opcode ID: 43493f959cc677dc866e6b4409e2b61ce4f7eff5cdc0abb17c7af32e75e9099d
Instruction ID: 364f5b4e674551645a779352b321ba83f7851cecac1fda8a8ee8e2ab3646cc47
Opcode Fuzzy Hash: 43493f959cc677dc866e6b4409e2b61ce4f7eff5cdc0abb17c7af32e75e9099d
Instruction Fuzzy Hash: 64717DB5601B15C1FA239B27F800BEA72E6AB4CBD0F154229EB59537B0EF79C8029310

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002C880 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 136COMMON

Download Yara Rule

Strings

Match, xrefs: 000000014002CA8B
Stopped, xrefs: 000000014002CA9D
sc%03X, xrefs: 000000014002CA61
EndKey, xrefs: 000000014002C903, 000000014002CA82
Timeout, xrefs: 000000014002CA94
Max, xrefs: 000000014002C8D4
H, xrefs: 000000014002C965

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: EndKey$H$Match$Max$Stopped$Timeout$sc%03X
API String ID: 0-2590842051
Opcode ID: 2022a53077d726e411971a65dcd39fff54e9eb01eba2f081f4e8c777a5153538
Instruction ID: 3c89875c36ca25bfb463aec9ad4de739c5b4f318da18eea2d1fb87c11d0c1730
Opcode Fuzzy Hash: 2022a53077d726e411971a65dcd39fff54e9eb01eba2f081f4e8c777a5153538
Instruction Fuzzy Hash: 4651DF7931478485EB26DF23A454BE973A1FB8DBC4F48801AEB8903BB5DB38C946C341

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400086BC Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32 ref: 000000014000874D
LoadLibraryA.KERNEL32 ref: 0000000140008792
GetProcAddress.KERNEL32 ref: 00000001400087A6
FreeLibrary.KERNEL32 ref: 00000001400087B4
LoadLibraryA.KERNEL32 ref: 00000001400087E4
GetProcAddress.KERNEL32 ref: 00000001400087F8
GetProcAddress.KERNEL32 ref: 0000000140008812

Strings

\ws2_32, xrefs: 0000000140008779
getaddrinfo, xrefs: 00000001400086F2
\wship6, xrefs: 00000001400087CB
getnameinfo, xrefs: 00000001400086F9
freeaddrinfo, xrefs: 000000014000871E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AddressLibraryProc$Load$DirectoryFreeSystem
String ID: \ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
API String ID: 4000602377-744132762
Opcode ID: e7de3b43e527802901f0ec36925fcb241a27c3be126581c61effdda7c727cece
Instruction ID: 70f987835c88b4f38b3cb38c3a506682c33dbb7dc74eaf9e8064911aef4a297f
Opcode Fuzzy Hash: e7de3b43e527802901f0ec36925fcb241a27c3be126581c61effdda7c727cece
Instruction Fuzzy Hash: E0512876215B4091EB22DB12F8883E973A5FB48BD0F948126EE8E13774DF78C54AD710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002B8B0 Relevance: 21.2, APIs: 14, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014002B90B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 10d0f4c7bca51948e69ec7f76c2918a0d5ae743559b1cfd5d3b0ebbf438bcbc7
Instruction ID: 288fc3bef980088e4737cdc1a74e4f598e59f45e1af4fcb63317e51aaa8c5dd3
Opcode Fuzzy Hash: 10d0f4c7bca51948e69ec7f76c2918a0d5ae743559b1cfd5d3b0ebbf438bcbc7
Instruction Fuzzy Hash: AC61713571571181FA678743A4207E962D2EF9CFD0F188429EF490BBA4EA7DCD839701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003CD70 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 147windowlibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000000014003CEBB
GetProcAddress.KERNEL32 ref: 000000014003CECB
GetSystemMetrics.USER32 ref: 000000014003CEDD
FindWindowW.USER32 ref: 000000014003CEF8
MulDiv.KERNEL32 ref: 000000014003CF12
LoadImageW.USER32 ref: 000000014003CF36
Shell_NotifyIconW.SHELL32 ref: 000000014003CF4C
Shell_NotifyIconW.SHELL32 ref: 000000014003CF5F
Shell_NotifyIconW.SHELL32 ref: 000000014003CFB3

Strings

user32.dll, xrefs: 000000014003CEAE
Shell_TrayWnd, xrefs: 000000014003CEF1
GetDpiForWindow, xrefs: 000000014003CEC4

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: IconNotifyShell_$AddressFindHandleImageLoadMetricsModuleProcSystemWindow
String ID: GetDpiForWindow$Shell_TrayWnd$user32.dll
API String ID: 2322492689-3718927445
Opcode ID: 72ebdcb2fc8c5504227c3001ba6b0ed423ae8ef3559db6210a52e754f54f2df0
Instruction ID: d6cbc8fa7438736ab107560b0fc886020921e6c4210944446034173953855cc2
Opcode Fuzzy Hash: 72ebdcb2fc8c5504227c3001ba6b0ed423ae8ef3559db6210a52e754f54f2df0
Instruction Fuzzy Hash: 7C61807121074086FB539B27E850BEA27A6AB4DFD4F18852AFB45932B5DF38C865C310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140022D50 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 125registrylibraryloaderCOMMON

Download Yara Rule

APIs

ActivateKeyboardLayout.USER32 ref: 0000000140022D70
GetKeyboardLayoutNameW.USER32 ref: 0000000140022DE1
RegOpenKeyExW.ADVAPI32 ref: 0000000140022E0E
RegQueryValueExW.ADVAPI32 ref: 0000000140022E57
RegCloseKey.ADVAPI32 ref: 0000000140022E66
LoadLibraryW.KERNEL32 ref: 0000000140022EDD
ActivateKeyboardLayout.USER32 ref: 0000000140022EF6
GetProcAddress.KERNEL32 ref: 0000000140022F0B
FreeLibrary.KERNEL32 ref: 0000000140022F26

Strings

KbdLayerDescriptor, xrefs: 0000000140022F01
Layout File, xrefs: 0000000140022E2F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: KeyboardLayout$ActivateLibrary$AddressCloseFreeLoadNameOpenProcQueryValue
String ID: KbdLayerDescriptor$Layout File
API String ID: 1777063618-3758344021
Opcode ID: 56653ad3d58c9c75aed3448171c772eac10b2685ef3e0c54e0c7ce495bbd2f79
Instruction ID: 5c660dde4ae9c49ad7fe69eaa97c9db6e6bd4221d61f89ec985ca19c96cc2e3a
Opcode Fuzzy Hash: 56653ad3d58c9c75aed3448171c772eac10b2685ef3e0c54e0c7ce495bbd2f79
Instruction Fuzzy Hash: 2E518F32740A8196FB63CF6AA8407E963A1BF9C794F459129EF4847B74EF38C9469700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046830 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 94windowlibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000001400468FB
GetProcAddress.KERNEL32 ref: 000000014004690B
GetSystemMetrics.USER32 ref: 000000014004691D
FindWindowW.USER32 ref: 0000000140046938
MulDiv.KERNEL32 ref: 0000000140046952
LoadImageW.USER32 ref: 0000000140046979
Shell_NotifyIconW.SHELL32 ref: 0000000140046997
Shell_NotifyIconW.SHELL32 ref: 00000001400469AF

Strings

user32.dll, xrefs: 00000001400468EE
Shell_TrayWnd, xrefs: 0000000140046931
GetDpiForWindow, xrefs: 0000000140046904

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: IconNotifyShell_$AddressFindHandleImageLoadMetricsModuleProcSystemWindow
String ID: GetDpiForWindow$Shell_TrayWnd$user32.dll
API String ID: 2322492689-3718927445
Opcode ID: 5611fd8e438885bbe0602197e7ccb512934c54d1f2f6a3ec331e51369c49c575
Instruction ID: a8290b2470564f24dfec0fb15063f09df572338f4060a2d27c696e6238fee145
Opcode Fuzzy Hash: 5611fd8e438885bbe0602197e7ccb512934c54d1f2f6a3ec331e51369c49c575
Instruction Fuzzy Hash: FC419FB120169086FB528B23A8503E937E5EB0DFC4F09413AEF89472B5EF79C848CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D0924 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00000001400D0933
FlsGetValue.KERNEL32 ref: 00000001400D0948
FlsSetValue.KERNEL32 ref: 00000001400D0969
FlsSetValue.KERNEL32 ref: 00000001400D0996
FlsSetValue.KERNEL32 ref: 00000001400D09A7
FlsSetValue.KERNEL32 ref: 00000001400D09B8
SetLastError.KERNEL32 ref: 00000001400D09D3
FlsGetValue.KERNEL32 ref: 00000001400D0A09
FlsSetValue.KERNEL32 ref: 00000001400D0A28

Part of subcall function 00000001400D2518: HeapAlloc.KERNEL32(?,?,00000000,00000001400D0AFE,?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000), ref: 00000001400D256D

FlsSetValue.KERNEL32 ref: 00000001400D0A50

Part of subcall function 00000001400D0D8C: HeapFree.KERNEL32(?,?,00000001400CF837,00000001400D5366,?,?,?,00000001400D53A3,?,?,00000000,00000001400D589D,?,?,?,00000001400D57CF), ref: 00000001400D0DA2
Part of subcall function 00000001400D0D8C: GetLastError.KERNEL32(?,?,00000001400CF837,00000001400D5366,?,?,?,00000001400D53A3,?,?,00000000,00000001400D589D,?,?,?,00000001400D57CF), ref: 00000001400D0DAC

FlsSetValue.KERNEL32 ref: 00000001400D0A61
FlsSetValue.KERNEL32 ref: 00000001400D0A72

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 55b2b8631ef0a4b68e637ecd22dba7d11ddd625c272c56b6482c65d148f2fefe
Instruction ID: 5b14f979098e7b562c93a7a6a336ac224fedeb3ee03c614df034aa252b5990b3
Opcode Fuzzy Hash: 55b2b8631ef0a4b68e637ecd22dba7d11ddd625c272c56b6482c65d148f2fefe
Instruction Fuzzy Hash: 8B41273430064182FA6BA37774613ED62828F4C7F0F149725BB3A0B6FBDA78D4438A21

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A38B0 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 339threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

GetWindowTextW.USER32 ref: 00000001400A3D1E
GetWindowThreadProcessId.USER32 ref: 00000001400A3D4A
GetWindowThreadProcessId.USER32 ref: 00000001400A3D65
GetClassNameW.USER32 ref: 00000001400A3DAD

Strings

exe, xrefs: 00000001400A39FB
pid, xrefs: 00000001400A39C5
group, xrefs: 00000001400A39E2
ahk_, xrefs: 00000001400A3960, 00000001400A3A27
class, xrefs: 00000001400A3A14

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ProcessThread$ClassNameText_invalid_parameter_noinfo
String ID: ahk_$class$exe$group$pid
API String ID: 1721056113-2955265324
Opcode ID: 183d68eb4f578de8bcb8a594e6be2901f39867184aef330816d5902be8c75238
Instruction ID: 8213f08824855f87dbd82a8cbae45c254f16c603d21e6a6adab6440c9d2a133d
Opcode Fuzzy Hash: 183d68eb4f578de8bcb8a594e6be2901f39867184aef330816d5902be8c75238
Instruction Fuzzy Hash: E3E1BF3220574482FB66DB17E8447EA73A5E7687D0F864225FB99877F1EB78C485CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005F7E0 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 151COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 000000014005F800
GetWindowTextW.USER32 ref: 000000014005F81C

Strings

..., xrefs: 000000014005F8E6
, xrefs: 000000014005F8FB
Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d, xrefs: 000000014005F9E9
(preempted: they will resume when the current thread finishes), xrefs: 000000014005F95E
yes, xrefs: 000000014005F96A
Press [F5] to refresh., xrefs: 000000014005FA34
Key History has been disabled via KeyHistory(0)., xrefs: 000000014005FA3F
%s , xrefs: 000000014005F889

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ForegroundText
String ID: Key History has been disabled via KeyHistory(0).$Press [F5] to refresh.$ $ (preempted: they will resume when the current thread finishes)$%s $...$Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d$yes
API String ID: 29597999-1471948537
Opcode ID: c6e32eac616e878067eb90b258d77f25a6929db1dfc1f26d4462af23612c5beb
Instruction ID: a147b3941f3b026c093d5af7e0bb19e1b47a7d0bc82e6b394065685defe890da
Opcode Fuzzy Hash: c6e32eac616e878067eb90b258d77f25a6929db1dfc1f26d4462af23612c5beb
Instruction Fuzzy Hash: A1719F75604B8496EB22DF26E4403EA77A0F78CB80F944126EB89537B5DF3DC949D740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140020BE0 Relevance: 16.8, APIs: 11, Instructions: 291COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 0000000140020CE2
mouse_event.USER32 ref: 0000000140020F9C
mouse_event.USER32 ref: 0000000140021013

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: mouse_event$MetricsSystem
String ID:
API String ID: 218841513-0
Opcode ID: c6b767b5f7cdefed2749eff802a5352fad08ab23e555bd60aeebe37bbbca1642
Instruction ID: 82dc31e90b062288269306a943209235f1ff4dc99bf6a7f09e68bd1ef74bddf7
Opcode Fuzzy Hash: c6b767b5f7cdefed2749eff802a5352fad08ab23e555bd60aeebe37bbbca1642
Instruction Fuzzy Hash: C2C1BF7130479086E7B68B1BA5547EA66A1B78DBD4F54411DFF8A43BFACA39CC84CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002F47 Relevance: 16.7, APIs: 11, Instructions: 195windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 0000000140002FA3
SendMessageW.USER32 ref: 0000000140002FD2
SendMessageW.USER32 ref: 0000000140002FFE
SendMessageW.USER32 ref: 000000014000301A
GetWindowRect.USER32 ref: 0000000140003031
MapWindowPoints.USER32 ref: 0000000140003045
SendMessageW.USER32 ref: 000000014000309C
ScreenToClient.USER32 ref: 00000001400030B4
SendMessageW.USER32 ref: 00000001400030CA
SendMessageW.USER32 ref: 00000001400030F2
ScreenToClient.USER32 ref: 000000014000311F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend$ClientScreenWindow$PointsRect
String ID:
API String ID: 477361101-0
Opcode ID: 7a946c89d1066cb12e11aaf8cfec6b5f413924ffc0d9270b63c462eac61b29bc
Instruction ID: ce57565ebc86b32b3097f1c70dfb9602759a3e4c9defa9b822f9a39736d5ffd9
Opcode Fuzzy Hash: 7a946c89d1066cb12e11aaf8cfec6b5f413924ffc0d9270b63c462eac61b29bc
Instruction Fuzzy Hash: 9291B272301A848AEB66CF26E8547ED37B6F78C7A4F504226EB4A57BA8DF34C545C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015020 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 313COMMON

Download Yara Rule

APIs

CharLowerW.USER32 ref: 00000001400151C3
CharLowerW.USER32 ref: 00000001400151CF
IsCharAlphaNumericW.USER32 ref: 0000000140015211
GetStringTypeExW.KERNEL32 ref: 000000014001523A
IsCharLowerW.USER32 ref: 0000000140015323
IsCharUpperW.USER32 ref: 0000000140015330
IsCharUpperW.USER32 ref: 0000000140015346
IsCharLowerW.USER32 ref: 0000000140015394

Strings

-()[]{}:;'"/\,.?! , xrefs: 0000000140015150

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Char$Lower$Upper$AlphaNumericStringType
String ID: -()[]{}:;'"/\,.?!
API String ID: 1964238978-2658396598
Opcode ID: 76631c2379347cb0ef53a1d8f964148655f1757eea6bdb010e7178cac28230e3
Instruction ID: ce3fbe2239e9d34bf3e5302f37802ee46c90c5996a0a3c5048485535956dea4a
Opcode Fuzzy Hash: 76631c2379347cb0ef53a1d8f964148655f1757eea6bdb010e7178cac28230e3
Instruction Fuzzy Hash: 7ED1C172214690C6EB63AF66E4803E973A1F708BDAF444119FB466F6B4EB79C991C310

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400436A0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140043720
SetLastError.KERNEL32 ref: 0000000140043781
SetWindowLongW.USER32 ref: 0000000140043794
GetLastError.KERNEL32 ref: 000000014004379E
GetWindowLongW.USER32 ref: 00000001400437B2
SetWindowPos.USER32 ref: 00000001400437E0
InvalidateRect.USER32 ref: 00000001400437EF

Strings

7, xrefs: 00000001400437C8
+-^, xrefs: 0000000140043729

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$ErrorLast$InvalidateRect
String ID: +-^$7
API String ID: 189950902-219994616
Opcode ID: 73f8048acefa41082d85854672ad213925dbe40652548d363064fbd88be0a7dd
Instruction ID: b98ca8fb24304897183ce8915dac54e967d1cda3110fe457ace1bed31b608562
Opcode Fuzzy Hash: 73f8048acefa41082d85854672ad213925dbe40652548d363064fbd88be0a7dd
Instruction Fuzzy Hash: B34151B661864082E7719B27E4407AE73A2F78CBC4F555125FB8983BB9DF3CD4419B04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000D38C Relevance: 15.3, APIs: 2, Strings: 8, Instructions: 311COMMON

Download Yara Rule

APIs

sprintf.LEGACY_STDIO_DEFINITIONS ref: 000000014000D716

Strings

apos, xrefs: 000000014000D6EF
%%%02X, xrefs: 000000014000D55F
quot, xrefs: 000000014000D701
-_.!~*'()/\, xrefs: 000000014000D480
&%s;, xrefs: 000000014000D70F
-_.!~*()/, xrefs: 000000014000D539
file:///, xrefs: 000000014000D4D3
amp, xrefs: 000000014000D6F8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: sprintf
String ID: %%%02X$&%s;$-_.!~*'()/\$-_.!~*()/$amp$apos$file:///$quot
API String ID: 590974362-335269696
Opcode ID: ce9f21c469da524fce4b99e7e04f296e1f7ac9a3ae1eb2066d04fd01aa62652c
Instruction ID: 6ca0af727b97511e39348601c6b1c581fe9b694876dae7eb2636a333418a3bb1
Opcode Fuzzy Hash: ce9f21c469da524fce4b99e7e04f296e1f7ac9a3ae1eb2066d04fd01aa62652c
Instruction Fuzzy Hash: E7C1C0B2604A5086FB26DB6BA8503ED3BA0B70DBC8F55002BFF4A476B5EB35C551D321

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009CCD0 Relevance: 15.1, APIs: 10, Instructions: 117COMMON

Download Yara Rule

APIs

CharLowerW.USER32(?,00000000,00000000,000000014001590E,0000000A,00000000,00000000,000000014001568E), ref: 000000014009CCF5
CharUpperW.USER32 ref: 000000014009CD0B
CharLowerW.USER32 ref: 000000014009CD3E
CharUpperW.USER32 ref: 000000014009CD54
CharLowerW.USER32 ref: 000000014009CD9C
CharLowerW.USER32 ref: 000000014009CDA9
CharLowerW.USER32 ref: 000000014009CDCC
CharLowerW.USER32 ref: 000000014009CDD9
CharLowerW.USER32 ref: 000000014009CDF6
CharLowerW.USER32 ref: 000000014009CE03

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Char$Lower$Upper
String ID:
API String ID: 3371602591-0
Opcode ID: ba337d3df143b47735bdd7c2b2afc8f7f2587077dbace194ab3a19806deb7c5f
Instruction ID: 67b632df351dd55b68f7cab96e881b3166245ecad2c5d51451ab0b3dd94418b8
Opcode Fuzzy Hash: ba337d3df143b47735bdd7c2b2afc8f7f2587077dbace194ab3a19806deb7c5f
Instruction Fuzzy Hash: 1141D6B191099082EB6A4F13A8507BE7291FB8CFE5F088516FF97471E4D73CC891D260

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A1E40 Relevance: 15.1, APIs: 10, Instructions: 75windowtimethreadCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32 ref: 00000001400A1E7C
GetWindowThreadProcessId.USER32 ref: 00000001400A1E93
OpenProcess.KERNEL32(?,?,?,?,?,?,?,000000014003FF91), ref: 00000001400A1EAA
TerminateProcess.KERNEL32(?,?,?,?,?,?,?,000000014003FF91), ref: 00000001400A1EBD
CloseHandle.KERNEL32(?,?,?,?,?,?,?,000000014003FF91), ref: 00000001400A1EC6
PostMessageW.USER32 ref: 00000001400A1ED1
GetTickCount.KERNEL32 ref: 00000001400A1EE5
IsWindow.USER32 ref: 00000001400A1EFF
GetTickCount.KERNEL32 ref: 00000001400A1F10
IsWindow.USER32 ref: 00000001400A1F31

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ProcessWindow$CountMessageTick$CloseHandleOpenPostSendTerminateThreadTimeout
String ID:
API String ID: 1366898224-0
Opcode ID: 89787fcf77e94cafe116f819818f0599f7e20b28be08091e2ea48a681bf75b36
Instruction ID: ce727cb888c6e625b93d460b8c14e95bc5db74abbaa8fe4eac46bc2368a10e35
Opcode Fuzzy Hash: 89787fcf77e94cafe116f819818f0599f7e20b28be08091e2ea48a681bf75b36
Instruction Fuzzy Hash: 39213E3171078487FA569F27B8147E962A2AFDDBC1F488138AF5A07BB5DF38C4469A10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C0BDC Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400C0C1C
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C0FE4
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C1283

Strings

p, xrefs: 00000001400C0D26
f, xrefs: 00000001400C0E69
p, xrefs: 00000001400C0CC1
f, xrefs: 00000001400C0CB4
f, xrefs: 00000001400C0D1E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: e0f154aaf373d2a8a2c402d70ca73ac018b53d73cf3f3cb9bd4d013b8271bfbe
Instruction ID: 12b37432c98239e0f4cf65519d4e4437ab897a51cbd09bd0f82c83bcfdb9bd76
Opcode Fuzzy Hash: e0f154aaf373d2a8a2c402d70ca73ac018b53d73cf3f3cb9bd4d013b8271bfbe
Instruction Fuzzy Hash: 9412C67270C38186FB2AAB16E0547EA76A1F38A7D4F984115FB8247AE8D77CC581CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400080D8 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

udp, xrefs: 0000000140008284
tcp, xrefs: 00000001400082BB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: tcp$udp
API String ID: 0-3725065008
Opcode ID: fc5cb122b0f9bb61937347b5d29cce8e6153f31c7c03c9bf78d033e5f38f29b4
Instruction ID: b55b16c48f43b93241971d7f59f7990ce2de91fda1a564aede4d2f0a7a96db9c
Opcode Fuzzy Hash: fc5cb122b0f9bb61937347b5d29cce8e6153f31c7c03c9bf78d033e5f38f29b4
Instruction Fuzzy Hash: E0A1E0B2605B8082EBB6CF17B4417EA6691BBADBC4F544125FFCA477A1EF38C9459300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017840 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 263keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32 ref: 0000000140017A7A

Strings

NOTE: Only the script's own keyboard events are shown(not the user's), because the keyboard hook isn't installed., xrefs: 00000001400178C4
yes, xrefs: 000000014001785A
E7 %04X%c%c%0.2f%c %s, xrefs: 00000001400179CC
%02X %03X%c%c%0.2f%-15s%s, xrefs: 0000000140017C1A
not found, xrefs: 0000000140017BB0
Modifiers (Hook's Logical) = %sModifiers (Hook's Physical) = %sPrefix key is down: %s, xrefs: 00000001400178A1
NOTE: To disable the key history shown below, call KeyHistory(0). The same method can be used to change the size of the history, xrefs: 00000001400178D5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Virtual
String ID: %02X %03X%c%c%0.2f%-15s%s$E7 %04X%c%c%0.2f%c %s$NOTE: Only the script's own keyboard events are shown(not the user's), because the keyboard hook isn't installed.$NOTE: To disable the key history shown below, call KeyHistory(0). The same method can be used to change the size of the history$Modifiers (Hook's Logical) = %sModifiers (Hook's Physical) = %sPrefix key is down: %s$not found$yes
API String ID: 4278518827-276158223
Opcode ID: e2cbd22726a7865bec083472010cc48d559b8372ee2578d05dea3955ac0dc26e
Instruction ID: a5e00fc6f6fbffadbafa1a3de60d9ac45652530cc7c8bce0b8dfcc8df85f860c
Opcode Fuzzy Hash: e2cbd22726a7865bec083472010cc48d559b8372ee2578d05dea3955ac0dc26e
Instruction Fuzzy Hash: 59C1CE7661878486E726DB56E490BEAB3B4F78CBC0F84411AFB894BAB4DB7DC544C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140008B94 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 255networkCOMMON

Download Yara Rule

APIs

WSAAsyncSelect.WSOCK32 ref: 0000000140008BE9
ioctlsocket.WSOCK32 ref: 0000000140008C00
#16.WSOCK32 ref: 0000000140008C66

Strings

An internal error has occurred in the debugger engine.Continue running the script without the debugger?, xrefs: 0000000140008C82
<error code="%i"/></response>, xrefs: 0000000140008DDF
<response command="%s" transaction_id="%e, xrefs: 0000000140008DB7
<response command="%s" transaction_id="%e"/>, xrefs: 0000000140008F15

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AsyncSelectioctlsocket
String ID: <error code="%i"/></response>$<response command="%s" transaction_id="%e$<response command="%s" transaction_id="%e"/>$An internal error has occurred in the debugger engine.Continue running the script without the debugger?
API String ID: 2629561747-4209491096
Opcode ID: 647d34c965b91914b04bd1b4d9e22e818a6f8f9c48c40bf43a058d74ad954ae5
Instruction ID: bac89f41bc0f395a65093f73fe7668529f07e729511d6f96d0ecac8347a7b3a9
Opcode Fuzzy Hash: 647d34c965b91914b04bd1b4d9e22e818a6f8f9c48c40bf43a058d74ad954ae5
Instruction Fuzzy Hash: 0CB1ABB220168085FB72DB2BE4543E927A2B75CBD8F545222EF99472F5EF78C846C310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140042890 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

CreateEllipticRgn.GDI32 ref: 0000000140042AE4
CreateRoundRectRgn.GDI32 ref: 0000000140042B09
CreateRectRgn.GDI32 ref: 0000000140042B1B
CreatePolygonRgn.GDI32 ref: 0000000140042B2E
SetWindowRgn.USER32 ref: 0000000140042B4D
DeleteObject.GDI32 ref: 0000000140042B5A
SetWindowRgn.USER32 ref: 0000000140042BB4

Strings

ind, xrefs: 00000001400429B7

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Create$RectWindow$DeleteEllipticObjectPolygonRound
String ID: ind
API String ID: 1229101157-166120149
Opcode ID: 7e7ce2b3b5f361bd5794a13ec595d64ed6dea03a631bbbc2a77c3267feaa738d
Instruction ID: b10a2700e05df787d79dd6a7e4806dabda623d74969a8271da0cb6b5620d0d9e
Opcode Fuzzy Hash: 7e7ce2b3b5f361bd5794a13ec595d64ed6dea03a631bbbc2a77c3267feaa738d
Instruction Fuzzy Hash: 7F81BE3231468282EB779B07E4103EE6395FB8CBC4F894035AF4A47BE9DB79C9418749

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008B860 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 176windowCOMMON

Download Yara Rule

APIs

SetMenuDefaultItem.USER32 ref: 000000014008BA61
GetMenu.USER32 ref: 000000014008BA84
IsWindowVisible.USER32 ref: 000000014008BA93
SetWindowPos.USER32 ref: 000000014008BABB
RedrawWindow.USER32 ref: 000000014008BAD0

Strings

7, xrefs: 000000014008BA9D
Out of memory., xrefs: 000000014008B8F6
&Open, xrefs: 000000014008B916

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Menu$DefaultItemRedrawVisible
String ID: &Open$7$Out of memory.
API String ID: 3179908897-4282791463
Opcode ID: 07b35e72ff67c26046284c7247d3b489610f877d402085b6cd58e95f443d7877
Instruction ID: 1f837915973623b27da8e1d1d5b57f660fd9c3c82d12bbc7bdea1e0f08b54a9f
Opcode Fuzzy Hash: 07b35e72ff67c26046284c7247d3b489610f877d402085b6cd58e95f443d7877
Instruction Fuzzy Hash: 4B717B73200B4082EB6A9F17E5807AA77A5FB48BD4F149425EB8907BB4DF38CA91C701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000849C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

udp, xrefs: 0000000140008565
65535, xrefs: 00000001400084B5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: 65535$udp
API String ID: 0-1267037602
Opcode ID: 74fccd7207e0305c7f7cef0121a90b924b7a41723053fd2a4e6171051b7f34f3
Instruction ID: 636b295b883a596f78f7e2b7cb10ce2af3785b7d878f8f3cf7d7318aaf6870b9
Opcode Fuzzy Hash: 74fccd7207e0305c7f7cef0121a90b924b7a41723053fd2a4e6171051b7f34f3
Instruction Fuzzy Hash: F95136B220468086FA779A16A4143E96791F788BC4F498426FFC64B6F5CF7AC8429700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026DB8 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 97COMMON

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32 ref: 0000000140026EAD

Strings

Unknown, xrefs: 0000000140026E5C
Network, xrefs: 0000000140026E2C
Fixed, xrefs: 0000000140026E14
:, xrefs: 0000000140026E8D
CDROM, xrefs: 0000000140026DE7
Removable, xrefs: 0000000140026DFC
RAMDisk, xrefs: 0000000140026E44

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DriveType
String ID: :$CDROM$Fixed$Network$RAMDisk$Removable$Unknown
API String ID: 338552980-2555398676
Opcode ID: 909a4ed793ef40446d93ff385883bb3838f0dbeb9c5c60e0a76f77d72afbc8f2
Instruction ID: cedc6639ab1cbf0f754efa16f276096b415d30660c9b5c073d13743465cdb74d
Opcode Fuzzy Hash: 909a4ed793ef40446d93ff385883bb3838f0dbeb9c5c60e0a76f77d72afbc8f2
Instruction Fuzzy Hash: 35416BB620474582FA26CB67E4403E9B3A0FB4CBD0F964029FB8547AB5EB79CC45C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140027218 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 55COMMON

Download Yara Rule

APIs

mciSendStringW.WINMM ref: 0000000140027259
mciSendStringW.WINMM ref: 0000000140027290
mciSendStringW.WINMM ref: 00000001400272AB
mciSendStringW.WINMM ref: 00000001400272C2

Strings

status cd mode, xrefs: 00000001400272A4
status cdaudio mode, xrefs: 000000014002724F
close cd wait, xrefs: 00000001400272B4
open %s type cdaudio alias cd wait shareable, xrefs: 000000014002726D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: SendString
String ID: close cd wait$open %s type cdaudio alias cd wait shareable$status cd mode$status cdaudio mode
API String ID: 890592661-1928455816
Opcode ID: d83ad806e646e5c31f0c19bd6b1a3a2134731d7313152e749ee0cfbeb934c543
Instruction ID: fc7ed4aaff60ac7a9b70570785083fd0cf4f17390d018e0bbc05a7da8656e318
Opcode Fuzzy Hash: d83ad806e646e5c31f0c19bd6b1a3a2134731d7313152e749ee0cfbeb934c543
Instruction Fuzzy Hash: A811A772310641C2FB229BB7E464FE52350EF6CB89F849021FB4947AB1EA3CC98D8710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400280A0 Relevance: 13.9, APIs: 2, Strings: 7, Instructions: 355COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000014002852A
GetLastError.KERNEL32 ref: 00000001400285A7

Strings

stdout, xrefs: 0000000140028338
Invalid option., xrefs: 00000001400284A4
@, xrefs: 00000001400281FE
Raw, xrefs: 0000000140028458
Ptr, xrefs: 0000000140028273
Size, xrefs: 00000001400282A7
, xrefs: 00000001400283F0

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorLast
String ID: $@$Invalid option.$Ptr$Raw$Size$stdout
API String ID: 1452528299-1120262061
Opcode ID: 1c98a925bf9093adf7b647cae7f0ec22a57c18780ac45f61d32cbfb89e3b7443
Instruction ID: 675fb4d50e25badc3ca97a1fbb576dd48880fe2966fcb9a33888f95b70662432
Opcode Fuzzy Hash: 1c98a925bf9093adf7b647cae7f0ec22a57c18780ac45f61d32cbfb89e3b7443
Instruction Fuzzy Hash: 82E1CD7A206B9482EB76DB17A5003EA67A1F74DBE4F48421AEF5947BE5DB38CC45C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140022780 Relevance: 13.6, APIs: 9, Instructions: 117keyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32 ref: 00000001400227B7
GetAsyncKeyState.USER32 ref: 00000001400227D2
GetAsyncKeyState.USER32 ref: 00000001400227EF
GetAsyncKeyState.USER32 ref: 000000014002280C
GetAsyncKeyState.USER32 ref: 0000000140022829
GetAsyncKeyState.USER32 ref: 0000000140022846
GetAsyncKeyState.USER32 ref: 0000000140022861
GetAsyncKeyState.USER32 ref: 000000014002287C
GetTickCount.KERNEL32 ref: 00000001400228B7

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AsyncState$CountTick
String ID:
API String ID: 2436570381-0
Opcode ID: aef10cbef0ed53b1b30a3c37c509fedd19f8dc7236106950a77cc7134f9278c6
Instruction ID: 519411c5d654a85a7b78f5c7ba6b8614bbb4fcb546991d8110f19e5540545a42
Opcode Fuzzy Hash: aef10cbef0ed53b1b30a3c37c509fedd19f8dc7236106950a77cc7134f9278c6
Instruction Fuzzy Hash: 7A416EB960477456E7179B53A4F03F833E1AB4D7A1F48451EBBD2532F5CE3C8449A620

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400143C0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 296windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32 ref: 00000001400145D6
FindWindowW.USER32 ref: 0000000140014755

Part of subcall function 0000000140014210: PostMessageW.USER32 ref: 0000000140014337
Part of subcall function 0000000140014210: PostMessageW.USER32 ref: 0000000140014372
Part of subcall function 0000000140014210: PostMessageW.USER32 ref: 000000014001439D

CallNextHookEx.USER32 ref: 000000014001482E
PostMessageW.USER32 ref: 0000000140014899
PostMessageW.USER32 ref: 00000001400148D2
PostMessageW.USER32 ref: 00000001400148F5

Strings

#32771, xrefs: 00000001400145C8, 0000000140014747

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessagePost$FindWindow$CallHookNext
String ID: #32771
API String ID: 2023431067-1822717788
Opcode ID: 95257e05f9c2394e904c9072d8b5a0321848e193cf33783d5dd37016e5ba754d
Instruction ID: 1980ea8f98ef68cd47db0b41871657df9ccc36ebff5f3488b2a9e8d748dd39a3
Opcode Fuzzy Hash: 95257e05f9c2394e904c9072d8b5a0321848e193cf33783d5dd37016e5ba754d
Instruction Fuzzy Hash: 6FE1DF71208BC485F7639F17B8847EA2B91A75EBE4F48000AEB9A1B7B5DB3EC444C315

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140089520 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 180COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 0000000140089664
CharLowerW.USER32(?,?,?,?,0000000100000000,000000014008941D), ref: 0000000140089670
VkKeyScanExW.USER32(?,?,?,?,0000000100000000,000000014008941D), ref: 000000014008968C
GetKeyboardLayout.USER32 ref: 000000014008971E

Strings

Ctrl, xrefs: 00000001400895BB
Alt, xrefs: 00000001400895E0
Shift, xrefs: 00000001400895FC

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: KeyboardLayout$CharLowerScan
String ID: Alt$Ctrl$Shift
API String ID: 3235444744-3426316353
Opcode ID: 023f4c640116475e036300d9b53919de88955ced18bcebec943c9d8fd534972f
Instruction ID: 5de7bc4a199e3d936ce5be86bf8c9bb9e7b762b9ab59cd174dd11c84cf970eb1
Opcode Fuzzy Hash: 023f4c640116475e036300d9b53919de88955ced18bcebec943c9d8fd534972f
Instruction Fuzzy Hash: 5C61CE33214A4185FB67BA27D1053F96691F70DBE8F8C8012FB85076F5EA38CA91A315

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006BFF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 000000014006C04B
GetFullPathNameW.KERNEL32 ref: 000000014006C096
GetFileAttributesW.KERNEL32 ref: 000000014006C0D7
GetFileAttributesW.KERNEL32 ref: 000000014006C167
SHFileOperationW.SHELL32 ref: 000000014006C273

Strings

\, xrefs: 000000014006C072
:, xrefs: 000000014006C127

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: File$AttributesFullNamePath$Operation
String ID: :$\
API String ID: 37051200-1166558509
Opcode ID: d19ae208d031546723495f6f10dda102006523714db42b4d252762e8e2e6a417
Instruction ID: 19ca4a969a3122d41e46637e30e05a87884ff33d2752610a18ddd5678f4ff1c0
Opcode Fuzzy Hash: d19ae208d031546723495f6f10dda102006523714db42b4d252762e8e2e6a417
Instruction Fuzzy Hash: 4061C53222578085EB62CF66D8007FA63B2F75D794FA44915EB5D436F4EB39C586C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053680 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000020,000000014005379A), ref: 00000001400536BC
SHGetKnownFolderPath.SHELL32 ref: 00000001400537B1
CoTaskMemFree.OLE32 ref: 00000001400537DB
GetFileAttributesW.KERNEL32 ref: 0000000140053894

Strings

\Lib\, xrefs: 000000014005378B, 00000001400537E8
\AutoHotkey\Lib\, xrefs: 00000001400537B9
%s%s, xrefs: 00000001400536A3

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AttributesFile$FolderFreeKnownPathTask
String ID: %s%s$\AutoHotkey\Lib\$\Lib\
API String ID: 3145814908-2078434092
Opcode ID: cd269d08f4680e23b4c32f520da4165f9812bb8cf58cfb6783b532d21c37e025
Instruction ID: e516f5b3a10849f4eb63ca0378acc38e7817e70a0a7b7b6cd1c43ac3ee77abf6
Opcode Fuzzy Hash: cd269d08f4680e23b4c32f520da4165f9812bb8cf58cfb6783b532d21c37e025
Instruction Fuzzy Hash: 2B61C272604B8491EB22DF66E8843E9A360FB4CBD4F844126EB9D537B5EFB8C546C300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008AFB0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 152windowCOMMON

Download Yara Rule

APIs

SetMenuItemInfoW.USER32 ref: 000000014008B1A7

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

Strings

Invalid option., xrefs: 000000014008B15B
BarBreak, xrefs: 000000014008B0FE
Right, xrefs: 000000014008B0AF
P, xrefs: 000000014008B193
Radio, xrefs: 000000014008B078
Break, xrefs: 000000014008B0D9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: InfoItemMenu_invalid_parameter_noinfo
String ID: BarBreak$Break$Invalid option.$P$Radio$Right
API String ID: 3785929784-2576641197
Opcode ID: a8cf3c9a1cadbc62aacaceb0789ea9cc362bdcb37d9887d70724f85c600a25e7
Instruction ID: 2a238d833165ff1d5458960380f6997134b888ca2dfa34f4c9d797f8755c8f73
Opcode Fuzzy Hash: a8cf3c9a1cadbc62aacaceb0789ea9cc362bdcb37d9887d70724f85c600a25e7
Instruction Fuzzy Hash: 0B51DC73604A2291EB329B16D9553EB23A0F7587D4F804021FF99876F5EB38CA86C780

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002CD90 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 120COMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 000000014002CE43
DialogBoxParamW.USER32 ref: 000000014002CE7D

Strings

Result, xrefs: 000000014002CED2
Cancel, xrefs: 000000014002CEB0
Value, xrefs: 000000014002CEE5
Timeout, xrefs: 000000014002CEC2
AutoHotkey v2.0.12, xrefs: 000000014002CDC5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DialogParamWindow
String ID: AutoHotkey v2.0.12$Cancel$Result$Timeout$Value
API String ID: 2019275597-724431160
Opcode ID: 7e626913cc1702f375841c9b1e1d8f4dc1d83471c09c43b807871961051b9dcc
Instruction ID: 68a1b95453503d52f4ab47430b96ec51f8da3e07aa48170ef783c2ea99cfe260
Opcode Fuzzy Hash: 7e626913cc1702f375841c9b1e1d8f4dc1d83471c09c43b807871961051b9dcc
Instruction Fuzzy Hash: 3F513976714B4089EB22CF66E4807E873B5B74C7A8F40432AAB6C57AE8DB34C5598300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D4300 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00000001400D447C
GetProcAddress.KERNEL32 ref: 00000001400D4488

Strings

ext-ms-, xrefs: 00000001400D43D9
api-ms-, xrefs: 00000001400D43C6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 159db3d9bbf04d04851cf1d1e761b69af192252fcc1579a5a9d320132951fada
Instruction ID: e3b413d3b2b6f0401907cdcc9dce698bdd1ad0e267f31545943ee53743b1fb2e
Opcode Fuzzy Hash: 159db3d9bbf04d04851cf1d1e761b69af192252fcc1579a5a9d320132951fada
Instruction Fuzzy Hash: B0419431311B5082FB17DB17A8447ED2395BB4DBE0F499225BF1D977A4EE38C5868310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140047130 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 107COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A2440: GetForegroundWindow.USER32(?,0000000140017E57), ref: 00000001400A24A7
Part of subcall function 00000001400A2440: IsWindowVisible.USER32 ref: 00000001400A24C1
Part of subcall function 00000001400A2440: DwmGetWindowAttribute.DWMAPI ref: 00000001400A24E4

GetClassNameW.USER32 ref: 0000000140047213

Strings

notepad.exe, xrefs: 00000001400472B8
Could not open script., xrefs: 00000001400472EE
AutoHotkey, xrefs: 000000014004731F
#32770, xrefs: 0000000140047221
"%s", xrefs: 000000014004724C
Edit, xrefs: 0000000140047279

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$AttributeClassForegroundNameVisible
String ID: "%s"$#32770$AutoHotkey$Could not open script.$Edit$notepad.exe
API String ID: 2970645299-1452042658
Opcode ID: 6b59c39267a13e30f513af0db118b0e3d17db5941fa7e5941bf50df17fbccc9a
Instruction ID: c0b20a92f3c14542c0716cd57cc2749fc21b6b489f2b530150e1854876097e21
Opcode Fuzzy Hash: 6b59c39267a13e30f513af0db118b0e3d17db5941fa7e5941bf50df17fbccc9a
Instruction Fuzzy Hash: E3516AB6214B8485EA22DB56E8407DA7760F79CBC4F84412AFF8D13B79EB78C141CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400108CC Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 100libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00000001400109B0
DialogBoxParamW.USER32 ref: 0000000140010A3D

Strings

stderr, xrefs: 000000014001097E
riched20.dll, xrefs: 00000001400109A3
Warning: , xrefs: 0000000140010909
Specifically: %s, xrefs: 0000000140010957
%s (%d) : ==> %s%s, xrefs: 000000014001092D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DialogLibraryLoadParam
String ID: Specifically: %s$%s (%d) : ==> %s%s$Warning: $riched20.dll$stderr
API String ID: 1562155488-188717757
Opcode ID: 78c8a46f9d54ddd52eb530714a1413f6025037552a6c041cb038a229b4c3a270
Instruction ID: b1de09213ad0652267f6252353439471dd22a4f03977a0bbb5dbcc7dc9382cbf
Opcode Fuzzy Hash: 78c8a46f9d54ddd52eb530714a1413f6025037552a6c041cb038a229b4c3a270
Instruction Fuzzy Hash: 0C41B17260479086E762CF16E4543EAB3A0F79C7D4F50402AEBC95BBB5DBB9C585CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AE70 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 000000014002AECD
GetSystemMetrics.USER32 ref: 000000014002AEDA
SendMessageW.USER32 ref: 000000014002AF3A
SendMessageW.USER32 ref: 000000014002AF52
DestroyIcon.USER32 ref: 000000014002AF60

Strings

Can't load icon., xrefs: 000000014002AF18

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageMetricsSendSystem$DestroyIcon
String ID: Can't load icon.
API String ID: 3531782201-3453278282
Opcode ID: 2390b116052a8d3896239615492bb6e449228f1b290b6d8cc06d7561ea873064
Instruction ID: 377fb0bc1819b0c03cb0ff17e8a17e893ef70e559f7bcb5edfc6e9c74be75090
Opcode Fuzzy Hash: 2390b116052a8d3896239615492bb6e449228f1b290b6d8cc06d7561ea873064
Instruction Fuzzy Hash: E831BF72700B5087EB629F53A4507AA7395AB8DBD0F15402ABF4A07BA5DE3CC8838740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001CF70 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 70COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014001CFA7
GetTickCount.KERNEL32 ref: 000000014001CFB5

Strings

Match, xrefs: 000000014001D091
Stopped, xrefs: 000000014001D0B1
EndKey, xrefs: 000000014001D081
Timeout, xrefs: 000000014001D0A1
Max, xrefs: 000000014001D071

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: EndKey$Match$Max$Stopped$Timeout
API String ID: 536389180-511991314
Opcode ID: f85a9bdf337413f3b482a9c17209b33990c9e08c763b7da80209dd1936c6102a
Instruction ID: 22762733f37e2b0b1ab226cd12957e4a889bd2327c5794925df58edf05ee92f8
Opcode Fuzzy Hash: f85a9bdf337413f3b482a9c17209b33990c9e08c763b7da80209dd1936c6102a
Instruction Fuzzy Hash: B82121B6210A0089EB578F16E8647D472A5F78CBD5F944175EB894BBB4DA3EC491C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140027088 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32 ref: 00000001400270EE

Strings

Unknown, xrefs: 000000014002713E
Network, xrefs: 0000000140027123
Fixed, xrefs: 000000014002712C
CDROM, xrefs: 000000014002711A
Removable, xrefs: 0000000140027135
RAMDisk, xrefs: 0000000140027111

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DriveType
String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown
API String ID: 338552980-706929342
Opcode ID: 0bca4e285b8e99fecf72d57e1c5447844d8591f8582512109d140a45826e729c
Instruction ID: d8e9c1cbca2cc359d06aa5bc88d1d4a7b48976dc34665ca53b6b399b05f5e2b5
Opcode Fuzzy Hash: 0bca4e285b8e99fecf72d57e1c5447844d8591f8582512109d140a45826e729c
Instruction Fuzzy Hash: 24216A72204B8595E666DB27E944BD933A4FB4CBC0F944129EB8D43BB5DB38CE55C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008B530 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 000000014008B54A
CreatePopupMenu.USER32 ref: 000000014008B552
SetMenuDefaultItem.USER32 ref: 000000014008B5B5
SetMenuInfo.USER32 ref: 000000014008B5EF
SetMenuInfo.USER32 ref: 000000014008B616

Strings

(, xrefs: 000000014008B5FE
(, xrefs: 000000014008B5DF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Menu$CreateInfo$DefaultItemPopup
String ID: ($(
API String ID: 1934050479-222463766
Opcode ID: c5b937a4c8ceaeba8ebc01967cd919c3534c672848948f715eea0281042e1c90
Instruction ID: 787bd3d63772c8517e518d27491a83a6546169d9baf908723326b75ca13e6e08
Opcode Fuzzy Hash: c5b937a4c8ceaeba8ebc01967cd919c3534c672848948f715eea0281042e1c90
Instruction Fuzzy Hash: 9F2160B3315B4082EB618F16E1443AE73A1FB8CBC4F689115EB4D07B64DF79C1958B00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007B990 Relevance: 12.2, APIs: 8, Instructions: 155windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 000000014007B9C5
DragFinish.SHELL32(?,?,00000000,000000014007B944,?,?,?,0000000140045BC0), ref: 000000014007B9D4
DestroyIcon.USER32(?,?,00000000,000000014007B944,?,?,?,0000000140045BC0), ref: 000000014007BA1A
DeleteObject.GDI32 ref: 000000014007BA22
DeleteObject.GDI32 ref: 000000014007BA57
DestroyIcon.USER32(?,?,00000000,000000014007B944,?,?,?,0000000140045BC0), ref: 000000014007BBA2
DestroyIcon.USER32(?,?,00000000,000000014007B944,?,?,?,0000000140045BC0), ref: 000000014007BBB0
DestroyAcceleratorTable.USER32 ref: 000000014007BBC9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Destroy$DeleteIconObject$AcceleratorDragFinishTable
String ID:
API String ID: 2452034632-0
Opcode ID: 6f96db7b165d86dbc481459d6dd6d3d332ceabe24f6f9e02801f8d6c1d84079e
Instruction ID: 90e146107443520b3061d7277bcd6f3206acb2669711a3175d9ed2b1725ade82
Opcode Fuzzy Hash: 6f96db7b165d86dbc481459d6dd6d3d332ceabe24f6f9e02801f8d6c1d84079e
Instruction Fuzzy Hash: 83711576306B8496EB5A9F66D4903AC77A1FB88FC4F484025EF4A07BA9CF38D855C311

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400031F0 Relevance: 12.1, APIs: 8, Instructions: 139windowCOMMON

Download Yara Rule

APIs

ScreenToClient.USER32 ref: 0000000140003201
GetWindowLongW.USER32 ref: 0000000140003211
SetWindowLongW.USER32 ref: 0000000140003227
MulDiv.KERNEL32 ref: 00000001400032C6
MulDiv.KERNEL32 ref: 000000014000330F
DragFinish.SHELL32 ref: 0000000140003329
ShowWindow.USER32 ref: 000000014000364B
IsWindowVisible.USER32 ref: 0000000140003656

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$ClientDragFinishScreenShowVisible
String ID:
API String ID: 3330812502-0
Opcode ID: 506d68f583ccb99facd6091ca72005ce9af712a26bb7af530a1f1dceac348e47
Instruction ID: 9bf8ab5efd462c6f0fb0f420a4aa8445613e532a1d60f1187c4ab4e588c5c147
Opcode Fuzzy Hash: 506d68f583ccb99facd6091ca72005ce9af712a26bb7af530a1f1dceac348e47
Instruction Fuzzy Hash: 89619FB2204A4486EB66CF26E458BED7775F788BC8F458215EB4A477B8DF38C909C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400411E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140041279
GetParent.USER32 ref: 0000000140041288
GetWindowLongW.USER32 ref: 000000014004129E
GetWindowRect.USER32 ref: 00000001400412B2
MapWindowPoints.USER32 ref: 00000001400412D6
GetParent.USER32 ref: 0000000140041301
MapWindowPoints.USER32 ref: 000000014004131D
MoveWindow.USER32 ref: 0000000140041360

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$LongParentPoints$MoveRect
String ID:
API String ID: 3732448687-0
Opcode ID: b7d43a4a546222829877edb403244e97593d27bfffa414724e5fb1f019db905c
Instruction ID: 29de0c4e30dff4dc8a0765f22a29c366a4265ccea2428b782ce4f089234067b3
Opcode Fuzzy Hash: b7d43a4a546222829877edb403244e97593d27bfffa414724e5fb1f019db905c
Instruction Fuzzy Hash: F7415E362086808AE661DF56E5447DEB7A1F7C9BE0F144125FF8987BA9CB7CC845CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017360 Relevance: 12.1, APIs: 8, Instructions: 110windowthreadCOMMON

Download Yara Rule

APIs

GetMessageW.USER32 ref: 000000014001737D
SetWindowsHookExW.USER32 ref: 00000001400173F7
UnhookWindowsHookEx.USER32 ref: 0000000140017419
GetLastError.KERNEL32 ref: 0000000140017423
SetWindowsHookExW.USER32 ref: 0000000140017472
UnhookWindowsHookEx.USER32 ref: 0000000140017490
GetLastError.KERNEL32 ref: 000000014001749A
PostThreadMessageW.USER32 ref: 00000001400174D3

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: HookWindows$ErrorLastMessageUnhook$PostThread
String ID:
API String ID: 2811735471-0
Opcode ID: 07671e3ad933ecbdad02ff28953f9fb50b08270918b9e42d4f682d98390143d5
Instruction ID: 0ca9d0b5ee58f0c12107d6137d9b98ac1a2168e4abe256e54699108b3e6d5c68
Opcode Fuzzy Hash: 07671e3ad933ecbdad02ff28953f9fb50b08270918b9e42d4f682d98390143d5
Instruction Fuzzy Hash: 3651CE71204A4082FB679B13E494FE9A7F2EB5CBC4F484019FB5E1BAB0DB3EC9449650

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C6030 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400C6073
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C6460
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C66FC

Strings

p, xrefs: 00000001400C6125
f, xrefs: 00000001400C6195
p, xrefs: 00000001400C619D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 90cbabfd0163ca01f83631a335f8c8b2515d677f1137601d2991ffd8dda4623c
Instruction ID: d77c2931127a110efa9f869fabce25942067c8930bb7a0f7dfdd34ded32eff70
Opcode Fuzzy Hash: 90cbabfd0163ca01f83631a335f8c8b2515d677f1137601d2991ffd8dda4623c
Instruction Fuzzy Hash: 4F12B27260C78186FB3A9F36E15C3EA76A1F3887D4F984516F786476E8D739C9808B10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A1F50 Relevance: 10.8, APIs: 7, Instructions: 329windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,0000000140017E7E), ref: 00000001400A1FC5
IsWindowVisible.USER32 ref: 00000001400A1FE0
DwmGetWindowAttribute.DWMAPI ref: 00000001400A2003
GetForegroundWindow.USER32(?,?,?,?,?,0000000140017E7E), ref: 00000001400A2032
IsWindowVisible.USER32 ref: 00000001400A2085
DwmGetWindowAttribute.DWMAPI(?,?,?,?,?,0000000140017E7E), ref: 00000001400A20AA
EnumChildWindows.USER32 ref: 00000001400A23C9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$AttributeForegroundVisible$ChildEnumWindows
String ID:
API String ID: 3215277734-0
Opcode ID: 390f548e8cc6006fd9f73b943cf06d71d38877cd616475546455fcf4c6407dc9
Instruction ID: a1166deec737f1a0491fd3286fc436be659a0cc1b98fa95264decbfd953e3123
Opcode Fuzzy Hash: 390f548e8cc6006fd9f73b943cf06d71d38877cd616475546455fcf4c6407dc9
Instruction Fuzzy Hash: 06E1803270474099FB669B6BD8407ED67A1E7B87C4F148226FF4917AA8DB38C9C0CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400044F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140004645
GetWindowLongW.USER32 ref: 00000001400046B9
GetParent.USER32 ref: 00000001400046C8
GetWindowLongW.USER32 ref: 00000001400046DE
GetTickCount.KERNEL32 ref: 0000000140004709

Strings

OnMessage, xrefs: 0000000140004691

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountLongTickWindow$Parent
String ID: OnMessage
API String ID: 3367468570-3325017196
Opcode ID: c8619ec50c0208649ebb9fbcdec775f55c4fa46f54882fe96aa09e98b1616b20
Instruction ID: 0f15d589497cae4da03b56d90b4c17ce5cc5dd74c255ca69140691c62990ddc1
Opcode Fuzzy Hash: c8619ec50c0208649ebb9fbcdec775f55c4fa46f54882fe96aa09e98b1616b20
Instruction Fuzzy Hash: 6AA17BB2904B8096EB16CF26F9403A977A0F79DB84F108219EB8917B72DF39D0A5C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035F00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

CharLowerW.USER32 ref: 00000001400360D3
CharUpperW.USER32 ref: 0000000140036106
IsCharAlphaW.USER32 ref: 0000000140036123
CharUpperW.USER32 ref: 0000000140036138
CharLowerW.USER32 ref: 0000000140036143

Strings

String, xrefs: 0000000140035F63

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Char$LowerUpper$Alpha
String ID: String
API String ID: 1031401190-2568140703
Opcode ID: 3f30b44934c042b2856ce3c93081d1d391d9b5d3df4a950c98a9ddb100c06546
Instruction ID: ffee514d30b7b1eb546e2a087856810339cadc110dd5dc70275a08d560859d2c
Opcode Fuzzy Hash: 3f30b44934c042b2856ce3c93081d1d391d9b5d3df4a950c98a9ddb100c06546
Instruction Fuzzy Hash: D5715A36204A8481EB679B33E5553EF67A1EB4DBE8F488211EF9A076F6DB78C4518310

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002FFF0 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 0000000140030027
GetDIBits.GDI32 ref: 0000000140030069
SelectObject.GDI32 ref: 00000001400300E9
GetDIBits.GDI32 ref: 0000000140030115
GetSystemPaletteEntries.GDI32 ref: 000000014003014C
SelectObject.GDI32 ref: 00000001400301FD
DeleteDC.GDI32 ref: 0000000140030208

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: BitsObjectSelect$CompatibleCreateDeleteEntriesPaletteSystem
String ID:
API String ID: 3388690935-0
Opcode ID: f226b6b64c8f24b1db0f2c68b3be67ccf10c122db036d6d0b240d150522c358a
Instruction ID: da02b89cad8b6d19fe2a839a9f0a2fa3b053c036e6bc7dfd213044c1ce8537a7
Opcode Fuzzy Hash: f226b6b64c8f24b1db0f2c68b3be67ccf10c122db036d6d0b240d150522c358a
Instruction Fuzzy Hash: 81519D76311A908AE7628F36E8147EA77A4F749BD8F458215FF5887BA8DB38C505C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E254 Relevance: 10.7, APIs: 7, Instructions: 160keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 000000014001F257
GetKeyState.USER32 ref: 000000014001F26A
GetForegroundWindow.USER32 ref: 000000014001F2B1
GetWindowThreadProcessId.USER32 ref: 000000014001F2BC
AttachThreadInput.USER32 ref: 000000014001F2F9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: 8dfc5b658355fb44ed421e86b923032a61677d075a5c2f99b62d5028bf4aa186
Instruction ID: 26b9f3bced3580cffea2b907ec3700b4a1ecb87d6de4c054f12aaddcff9e13ca
Opcode Fuzzy Hash: 8dfc5b658355fb44ed421e86b923032a61677d075a5c2f99b62d5028bf4aa186
Instruction Fuzzy Hash: 3E810272504280CAF7639B2BE8447F93BA1E74C7D8F04411AF7854B6F6CB3A8586EB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E267 Relevance: 10.7, APIs: 7, Instructions: 160keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 000000014001F257
GetKeyState.USER32 ref: 000000014001F26A
GetForegroundWindow.USER32 ref: 000000014001F2B1
GetWindowThreadProcessId.USER32 ref: 000000014001F2BC
AttachThreadInput.USER32 ref: 000000014001F2F9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: c4a84b9dab2af3cfe781f5a02f57bfed5353c2fb7a65f317ebf5d97134b9f6f7
Instruction ID: 7c0de8956122fdac24af08edbe936727b272bb146dda366c46560ffb552c27dd
Opcode Fuzzy Hash: c4a84b9dab2af3cfe781f5a02f57bfed5353c2fb7a65f317ebf5d97134b9f6f7
Instruction Fuzzy Hash: BE81F272504280CAF7679B2BE8447F93BA1E74C7D8F14411AF7854B6F6CB3A8586EB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E27A Relevance: 10.7, APIs: 7, Instructions: 160keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 000000014001F257
GetKeyState.USER32 ref: 000000014001F26A
GetForegroundWindow.USER32 ref: 000000014001F2B1
GetWindowThreadProcessId.USER32 ref: 000000014001F2BC
AttachThreadInput.USER32 ref: 000000014001F2F9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: eea027f25d53c5533d258e0e5f253c5b052ee1ec99c142371d92b35cabdca29f
Instruction ID: 7b8574e694fc53ffb1db2ed981d66a7056a0c13034e74711fd7ff5b688e0a15c
Opcode Fuzzy Hash: eea027f25d53c5533d258e0e5f253c5b052ee1ec99c142371d92b35cabdca29f
Instruction Fuzzy Hash: E681F272504280CAF7679B2BE8447F93BA1E74C7D8F14411AF7854B6F6CB3A8586EB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B330 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 149sleepCOMMON

Download Yara Rule

APIs

CharUpperW.USER32(?,?,?,0000000140002921), ref: 000000014001B430
CharUpperW.USER32(?,?,?,0000000140002921), ref: 000000014001B441
Sleep.KERNEL32 ref: 000000014001B534

Strings

%s%c, xrefs: 000000014001B4AC
{Text}, xrefs: 000000014001B48D
{Raw}, xrefs: 000000014001B479, 000000014001B4A5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CharUpper$Sleep
String ID: %s%c${Raw}${Text}
API String ID: 3503790639-2444501380
Opcode ID: ec26f4a596df7e3007f20e2b3eed505feac34a5f8021f7d3481eed2582f5d3fe
Instruction ID: d2f6bf787d73a65b79dcb031d65c1bb29df88ccc176a30ac6d335c7a129a6a8b
Opcode Fuzzy Hash: ec26f4a596df7e3007f20e2b3eed505feac34a5f8021f7d3481eed2582f5d3fe
Instruction Fuzzy Hash: 2861CF766006C08AEB72CF26A4403ED77E0FB4CBD8F889115EB990BBA6DB39D551C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140040380 Relevance: 10.6, APIs: 7, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C0224: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C0241

GetForegroundWindow.USER32 ref: 000000014004046F
PostMessageW.USER32 ref: 00000001400404BC
GetTickCount.KERNEL32 ref: 00000001400404C2
IsWindow.USER32 ref: 00000001400404DC
GetTickCount.KERNEL32 ref: 00000001400404E6
IsWindow.USER32 ref: 000000014004050B
GetForegroundWindow.USER32 ref: 0000000140040536

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$CountForegroundTick$MessagePost_invalid_parameter_noinfo
String ID:
API String ID: 1713178899-0
Opcode ID: dc6a54b78731cfeaf61b31e65cb2a7c3f85c09ec035adca057429391725632c5
Instruction ID: aa71869b4f517493fad7554199e39a8d26de12dedef536b81cb359f15cbecd07
Opcode Fuzzy Hash: dc6a54b78731cfeaf61b31e65cb2a7c3f85c09ec035adca057429391725632c5
Instruction Fuzzy Hash: 9051A371614A8082FB569B27B5003EA22A1EB8CBD4F095135FF2517BEADB39C8818704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003DAD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147threadCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 000000014003DBD3
GetTickCount.KERNEL32 ref: 000000014003DBED
GetWindowThreadProcessId.USER32 ref: 000000014003DC00
GetGUIThreadInfo.USER32 ref: 000000014003DC0D
ClientToScreen.USER32 ref: 000000014003DC47

Strings

H, xrefs: 000000014003DBF5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ThreadWindow$ClientCountForegroundInfoProcessScreenTick
String ID: H
API String ID: 1246845418-2852464175
Opcode ID: 704360c802ce9f18237775c80f64de7bd843cb4fb176fcf3012ff27824a55bc7
Instruction ID: 3152a52f5c179c1f93d4d92c50c1ebccdaf79f4accd368c113e8019a4407d71c
Opcode Fuzzy Hash: 704360c802ce9f18237775c80f64de7bd843cb4fb176fcf3012ff27824a55bc7
Instruction Fuzzy Hash: BC516D7261568086FA66CF16F5407EEB7A1FB88BC0F468116EB59877A5DB38C846CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AFB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014002B0A4
SendMessageW.USER32 ref: 000000014002B0E6
SendMessageW.USER32 ref: 000000014002B10F
DestroyIcon.USER32 ref: 000000014002B11D
SendMessageW.USER32 ref: 000000014002B13D

Strings

Number, xrefs: 000000014002B15C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend$DestroyIcon
String ID: Number
API String ID: 3419509030-2436635234
Opcode ID: 3411289984a212d2d1f0fdd127a023dfa607228e95779f5a74270936baeb4c64
Instruction ID: 0bc40dfab8ffa14e6e64e515c485144836b2f16e87e25d0ffe96489d396ac703
Opcode Fuzzy Hash: 3411289984a212d2d1f0fdd127a023dfa607228e95779f5a74270936baeb4c64
Instruction Fuzzy Hash: 1F51C47271464482FB679F27E4A4BEB2762F78CBC4F558129EF1A437A4CA39CC528740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001207A1,00000001,00000001,00000000,000000014000F7D5), ref: 000000014000F5B3
WriteFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001207A1,00000001,00000001,00000000,000000014000F7D5), ref: 000000014000F635
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001207A1,00000001,00000001,00000000,000000014000F7D5), ref: 000000014000F67D
WriteFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001207A1,00000001,00000001,00000000,000000014000F7D5), ref: 000000014000F6C3
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001207A1,00000001,00000001,00000000,000000014000F7D5), ref: 000000014000F6EB

Strings

stdout, xrefs: 000000014000F55A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CloseFileHandleWrite$Info
String ID: stdout
API String ID: 1727933286-3267972124
Opcode ID: 60d7604655fd3c1b57fa107a2e3a942ebb18f1ebc873cc4e6c890a261891886d
Instruction ID: 52926526ade02851607b053a4cae6c938825e135268803a70c42fdd7b71f482c
Opcode Fuzzy Hash: 60d7604655fd3c1b57fa107a2e3a942ebb18f1ebc873cc4e6c890a261891886d
Instruction Fuzzy Hash: 8C51F6B2710A409AE722CF66E8407EC33A5F7487A8F408B15EE6953AF8DF35C555E740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003193C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00000001400319D2
OpenProcess.KERNEL32 ref: 00000001400319FF
SetPriorityClass.KERNEL32 ref: 0000000140031A19
GetLastError.KERNEL32 ref: 0000000140031A28
CloseHandle.KERNEL32 ref: 0000000140031A33

Strings

Target process not found., xrefs: 00000001400319E5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Process$ClassCloseCurrentErrorHandleLastOpenPriority
String ID: Target process not found.
API String ID: 1041824230-3346438222
Opcode ID: 9dd1ff6085653eb400bba2b90e0e13d8ee0e60ed4a28513622a49d25d576894d
Instruction ID: 0b537e0432f5b43d6e6977ade9397ab86db69e8985ab0d4916a4c501f1a41fd5
Opcode Fuzzy Hash: 9dd1ff6085653eb400bba2b90e0e13d8ee0e60ed4a28513622a49d25d576894d
Instruction Fuzzy Hash: 3A31C23270460082F6679F2BA4643FB5392ABCDBC1F298026FB46473B5DE38C8419352

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007B840 Relevance: 10.6, APIs: 7, Instructions: 85windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,0000000140045BC0), ref: 000000014007B868
SendMessageW.USER32(?,?,?,0000000140045BC0), ref: 000000014007B88F
DestroyIcon.USER32(?,?,?,0000000140045BC0), ref: 000000014007B89D
IsWindow.USER32 ref: 000000014007B8BA
ShowWindow.USER32(?,?,?,0000000140045BC0), ref: 000000014007B8CA
SetMenu.USER32(?,?,?,0000000140045BC0), ref: 000000014007B8D6
DestroyWindow.USER32(?,?,?,0000000140045BC0), ref: 000000014007B8F0

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$DestroyMessageSend$IconMenuShow
String ID:
API String ID: 1747553802-0
Opcode ID: d4050c29df62f8fdbbcdd7f9987a3738d07cc42154ea03e43609c40e3a67900d
Instruction ID: 3e74084718a91e74d2c616fd881273a88653bc446d1bb3d3472f8df53acb6273
Opcode Fuzzy Hash: d4050c29df62f8fdbbcdd7f9987a3738d07cc42154ea03e43609c40e3a67900d
Instruction Fuzzy Hash: A5414972611A4482FB969F26E8947E923A5EB8CFC4F485025EF1A573B4DF38C885C310

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400286D0 Relevance: 10.6, APIs: 7, Instructions: 79fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140028712
FindResourceW.KERNEL32 ref: 000000014002879A
LoadResource.KERNEL32 ref: 00000001400287AD
LockResource.KERNEL32 ref: 00000001400287BB
SizeofResource.KERNEL32 ref: 00000001400287CE
WriteFile.KERNEL32 ref: 00000001400287EE
CloseHandle.KERNEL32 ref: 00000001400287FD

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Resource$File$CloseCreateFindHandleLoadLockSizeofWrite
String ID:
API String ID: 4054086306-0
Opcode ID: bdf1da497c98b9b3745a7cb43526e43c7e8d2f79fd924d7a3bb232df337f35af
Instruction ID: 59e18b48bfe192b9ae6cf3ffa7b7ffa6704e81d3dc6e76f66d6ce9b1e1341f41
Opcode Fuzzy Hash: bdf1da497c98b9b3745a7cb43526e43c7e8d2f79fd924d7a3bb232df337f35af
Instruction Fuzzy Hash: FD31813620568086EB629B26B4143EE63A1FB4CBE4F444225FF9A43BE4DF3CC5498700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140028830 Relevance: 10.6, APIs: 7, Instructions: 56fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 0000000140028860
SetCurrentDirectoryW.KERNEL32 ref: 000000014002886D
GetFullPathNameW.KERNEL32 ref: 0000000140028883
SetCurrentDirectoryW.KERNEL32 ref: 00000001400288A6
CompareStringOrdinal.KERNEL32 ref: 00000001400288CA
GetFileAttributesW.KERNEL32 ref: 00000001400288DA
CopyFileW.KERNEL32 ref: 000000014002890B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CurrentDirectoryFileFullNamePath$AttributesCompareCopyOrdinalString
String ID:
API String ID: 2779534578-0
Opcode ID: 84c8ed879c5abb9cda3e3d42fda8326555c498feeb9569fe237361083dacb7eb
Instruction ID: 3043d371afc856d0e5065428a4bf3d013774c635f78bf41e03951d7b8ad1ff41
Opcode Fuzzy Hash: 84c8ed879c5abb9cda3e3d42fda8326555c498feeb9569fe237361083dacb7eb
Instruction Fuzzy Hash: CD215036725B8082EA62DB12F864BE96361FF98BC4F848015EA4947BA4DE3CC545D700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D9700 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00000001400D9731
GetLastError.KERNEL32 ref: 00000001400D973D
CloseHandle.KERNEL32 ref: 00000001400D9755
CreateFileW.KERNEL32 ref: 00000001400D9780
WriteConsoleW.KERNEL32 ref: 00000001400D979F

Strings

CONOUT$, xrefs: 00000001400D9761

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 94cc898a5500309b9d7ea8c4d7175d1976eb790efe30e5873f400e1694985bca
Instruction ID: c38799da15fe09cbb6a49b8c5e15ec820f72f94d01c60d0572a99f46c1f58d4b
Opcode Fuzzy Hash: 94cc898a5500309b9d7ea8c4d7175d1976eb790efe30e5873f400e1694985bca
Instruction Fuzzy Hash: 3D116D32324A8086E7518B53E8547AD67A5FB8CFE8F048224FB6D87BB4DF78C9458750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002EFD Relevance: 9.2, APIs: 6, Instructions: 241windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014000347C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 03d6ee2a2d24f6e9c654b3bfc1c94204d86c3fed09f33c2d51e546852fae1773
Instruction ID: b673c431f06542764e1da05663f745b4742ea4ad91f234d2f6d5f275fbff832f
Opcode Fuzzy Hash: 03d6ee2a2d24f6e9c654b3bfc1c94204d86c3fed09f33c2d51e546852fae1773
Instruction Fuzzy Hash: B2C1C1B2208A808AEB67CF26E4447ED77A9F78DB94F554215EB8947BB8DF38C544C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C8CB0 Relevance: 9.2, APIs: 6, Instructions: 161COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8D32
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8D69
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8DB1
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8DFA
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8E36
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8EC5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5920e5e9a41b6263e316d5559f0cdc713c668bc4638368a719b294c029b8700a
Instruction ID: 6b1e15711deae5a03f0368d9fe3adfa0907c1f55f3f15ef33cd7deb29212cff7
Opcode Fuzzy Hash: 5920e5e9a41b6263e316d5559f0cdc713c668bc4638368a719b294c029b8700a
Instruction Fuzzy Hash: BF613E72504B5581FB76AF26D0503AD33A0EB98BE4F558212FFA9073F5DB388842D31A

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400890F0 Relevance: 9.1, APIs: 6, Instructions: 145windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,000000014002AD32), ref: 0000000140089159
SendMessageW.USER32(?,?,?,?,?,?,000000014002AD32), ref: 00000001400891EE
SendMessageW.USER32(?,?,?,?,?,000000014002AD32), ref: 000000014008922B
SendMessageW.USER32(?,?,?,?,?,?,000000014002AD32), ref: 00000001400892A8
SendMessageW.USER32(?,?,?,?,?,000000014002AD32), ref: 00000001400892E1
SendMessageW.USER32(?,?,?,?,?,000000014002AD32), ref: 000000014008932A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 180bad6ddadf2a70570e00863711d1c42d7120e41d4a12d6bf7710c76ff5a0b1
Instruction ID: 67519ba94ec21199ce00ffefc51df12dff8b991e7a9498e6a67394645ffc230b
Opcode Fuzzy Hash: 180bad6ddadf2a70570e00863711d1c42d7120e41d4a12d6bf7710c76ff5a0b1
Instruction Fuzzy Hash: E261B4736086D09AE722DF66E4447DEBBA1F789384F548026FB8947E68CB7DC585CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002FE30 Relevance: 9.1, APIs: 6, Instructions: 117timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32 ref: 000000014002FE6F
GetSystemTimeAsFileTime.KERNEL32 ref: 000000014002FE93
FileTimeToLocalFileTime.KERNEL32 ref: 000000014002FEA3
SystemTimeToFileTime.KERNEL32 ref: 000000014002FECD
GetSystemTimeAsFileTime.KERNEL32 ref: 000000014002FEF1
FileTimeToLocalFileTime.KERNEL32 ref: 000000014002FF01

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Time$File$System$Local
String ID:
API String ID: 2859370177-0
Opcode ID: 169bc0ab9809e8adeeebb3fe41f7700071cec3cf63a66f3ad487ceb95fb319df
Instruction ID: 74c04fec7d8924bf8ace7124ac096cff2655c0df4cbdd2d8fa507655d5d1a743
Opcode Fuzzy Hash: 169bc0ab9809e8adeeebb3fe41f7700071cec3cf63a66f3ad487ceb95fb319df
Instruction Fuzzy Hash: 8641B6B271468982DB618B5AF440BED6361E78CBC4F489026FB89477B9EA7CC945DB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A2A10 Relevance: 9.1, APIs: 6, Instructions: 62windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00000001400A2A26
IsWindowVisible.USER32 ref: 00000001400A2A52
DwmGetWindowAttribute.DWMAPI ref: 00000001400A2A71
GetWindowLongW.USER32 ref: 00000001400A2A8A
GetClassLongW.USER32 ref: 00000001400A2AA2
GetWindowLongPtrW.USER32 ref: 00000001400A2AB9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$AttributeClassVisible
String ID:
API String ID: 4166653807-0
Opcode ID: 07ffc459cc559860d390ac519bf6cd5f06578f207a8fd76899ea2bbefd7872ed
Instruction ID: ae4343ac9ac1897be7c6a9bad2b5960890569c3747c7fe57433cbf20c0bc5a6a
Opcode Fuzzy Hash: 07ffc459cc559860d390ac519bf6cd5f06578f207a8fd76899ea2bbefd7872ed
Instruction Fuzzy Hash: 7C216232715A5087EB628B27A44036D7361EB98FD0F485211FF56577A8CB38D8D3C711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D0A9C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0AAB
FlsSetValue.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0AE1
FlsSetValue.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0B0E
FlsSetValue.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0B1F
FlsSetValue.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0B30
SetLastError.KERNEL32(?,?,000082BFA5821DEA,00000001400D0595,?,?,?,?,00000001400D0E5E,?,?,00000000,00000001400D42C7,?,?,?), ref: 00000001400D0B4B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 5c06eb7282bb47ab910a8a4de708e04044efd97cb529e79fb271a8768e0beee5
Instruction ID: dcd7ec2991de03568ea51072c6c3afe94dde3703c3647a1f174abfa327a86d48
Opcode Fuzzy Hash: 5c06eb7282bb47ab910a8a4de708e04044efd97cb529e79fb271a8768e0beee5
Instruction Fuzzy Hash: F311293430464083FA6BA777B5913ED62529F5C7F4F148726BB2A076FBDA78C4438A21

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140043B10 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 216COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140043C00
SetWindowLongW.USER32 ref: 0000000140043C1E
SetWindowLongW.USER32 ref: 0000000140043E0D
SetLayeredWindowAttributes.USER32 ref: 0000000140043E20

Strings

Off, xrefs: 0000000140043CB8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID: Off
API String ID: 2169480361-334568355
Opcode ID: 6b89796878de489b667b02f9bd3e8bf8dc74f43bfa1cf7c0c38e04776ac77cb5
Instruction ID: 4e47f3cc5cdadf2b6e8e34a1eefe97b1cd2bd3ef64cb5267a2fa6b4058f2893f
Opcode Fuzzy Hash: 6b89796878de489b667b02f9bd3e8bf8dc74f43bfa1cf7c0c38e04776ac77cb5
Instruction Fuzzy Hash: 3281FF72A0469081EB669B23A0443FE67A1F788BD4F466525FF8B47BF5EB38C841C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003FB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195timeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140004019
GetTickCount.KERNEL32 ref: 0000000140004094
KillTimer.USER32 ref: 0000000140004143
GetTickCount.KERNEL32 ref: 0000000140004227

Strings

Timer, xrefs: 0000000140004244

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$KillTimer
String ID: Timer
API String ID: 807761965-2870079774
Opcode ID: 739a371533fa8090fb36d5ba724fab2e9ed0b1a7686cf826d7259f4d51aed7e4
Instruction ID: 3ed9c7c446903a1b89014b9dca57ddea94a9665f093d8d52dc5d5113344dee77
Opcode Fuzzy Hash: 739a371533fa8090fb36d5ba724fab2e9ed0b1a7686cf826d7259f4d51aed7e4
Instruction Fuzzy Hash: EFA17CF2A04A8096FB67CB26F5403E937A0F76DB98F145219EB45176B2CB38E4D6C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140042570 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32 ref: 0000000140042710
PostMessageW.USER32 ref: 000000014004272A
GetLastError.KERNEL32 ref: 000000014004273D

Strings

Ptr, xrefs: 0000000140042666
Timeout, xrefs: 000000014004279E, 00000001400427CA

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Message$ErrorLastPostSendTimeout
String ID: Ptr$Timeout
API String ID: 3306065770-2623692197
Opcode ID: f4d78d9c8b4eb2622307af1b7250a06c5c1bf461d9ae8be478f7fed2f806bac5
Instruction ID: df6be32f912254af3bfcbbc395a27cbc0e1d3fb6608fffb8c6c9a30a25717ee9
Opcode Fuzzy Hash: f4d78d9c8b4eb2622307af1b7250a06c5c1bf461d9ae8be478f7fed2f806bac5
Instruction Fuzzy Hash: 18814632705B8486EB22CF62E4403ED33A5F78CB88F56452AEF4A17BA8DB38C455C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005E830 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 154COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005E935

Strings

---- %s, xrefs: 000000014005E9B5
Press [F5] to refresh., xrefs: 000000014005EA9F
Script lines most recently executed (oldest first). Press [F5] to refresh. The seconds elapsed between a line and the one after , xrefs: 000000014005E849

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: Press [F5] to refresh.$---- %s$Script lines most recently executed (oldest first). Press [F5] to refresh. The seconds elapsed between a line and the one after
API String ID: 536389180-1384135373
Opcode ID: dcab990e1d1aa0a1e7ae7a7423319d25d3cc0e46616d7c9fecfab63c5ad469e0
Instruction ID: 08ef2545b8550b0fd43defee3b34f78db019d5305180cd534317096b19900834
Opcode Fuzzy Hash: dcab990e1d1aa0a1e7ae7a7423319d25d3cc0e46616d7c9fecfab63c5ad469e0
Instruction Fuzzy Hash: 4161E17630478489EB62CF2AE584BEA7364F74C784F904226EF9C43BA9EB39C404C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018BDF Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140018BDF
GetTickCount.KERNEL32 ref: 0000000140018BF1

Strings

%u hotkeys have been received in the last %ums.Do you want to continue?(see A_MaxHotkeysPerInterval in the help file), xrefs: 0000000140018C32

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: %u hotkeys have been received in the last %ums.Do you want to continue?(see A_MaxHotkeysPerInterval in the help file)
API String ID: 536389180-1114924310
Opcode ID: 1b64a63ecc160ea2d7b0198e8a8f1662b9d12618da222be4848cba209c9a8bbb
Instruction ID: e2da2c990c725bb693de79647b2b06ea58fa8d4153410aa03ebc159e39cb2a47
Opcode Fuzzy Hash: 1b64a63ecc160ea2d7b0198e8a8f1662b9d12618da222be4848cba209c9a8bbb
Instruction Fuzzy Hash: 7F617AB2609B8086E722CF27F8807E977A1F79CF84F144219EB4A5BBB4DB39C5408750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053740 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 0000000140053894

Part of subcall function 0000000140053680: GetFileAttributesW.KERNEL32(00000020,000000014005379A), ref: 00000001400536BC

SHGetKnownFolderPath.SHELL32 ref: 00000001400537B1
CoTaskMemFree.OLE32 ref: 00000001400537DB

Strings

\Lib\, xrefs: 000000014005378B, 00000001400537E8
\AutoHotkey\Lib\, xrefs: 00000001400537B9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AttributesFile$FolderFreeKnownPathTask
String ID: \AutoHotkey\Lib\$\Lib\
API String ID: 3145814908-2051091515
Opcode ID: f2aa5674f55812654da1ed309786a7464b2aeb6e0293399537cfde90f18f8480
Instruction ID: 8ecfb3978b4ea7bb9073374108bf7c413be5c54f4c9ce3c49a1a581104215d4e
Opcode Fuzzy Hash: f2aa5674f55812654da1ed309786a7464b2aeb6e0293399537cfde90f18f8480
Instruction Fuzzy Hash: 7751C372604A8491EB22DF66E8883EA6360FB4DBD4F848126EF5D537B5DFB9C546C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140031AE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 0000000140031B14
GetProcessImageFileNameW.PSAPI ref: 0000000140031B32
QueryDosDeviceW.KERNEL32 ref: 0000000140031BAB
CloseHandle.KERNEL32 ref: 0000000140031C22

Strings

:, xrefs: 0000000140031B82

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Process$CloseDeviceFileHandleImageNameOpenQuery
String ID: :
API String ID: 284135930-336475711
Opcode ID: e8a8bcc66b1ccfaa3b0c2f866f3db70d9a499328521be6f0b4f43508bd5aadac
Instruction ID: 792e4219045a70f938ec6925c70befadb3ba142d8cfffbada423696173a80801
Opcode Fuzzy Hash: e8a8bcc66b1ccfaa3b0c2f866f3db70d9a499328521be6f0b4f43508bd5aadac
Instruction Fuzzy Hash: 1031B07621468192EB279F23E4443EA73A1FB8CBC0F449122EF49477A5EE39C986C750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140012140 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 90COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNEL32(-00000041,00000000,?,0000000140054CE9), ref: 0000000140012271

Strings

stderr, xrefs: 0000000140012249
Warning: , xrefs: 00000001400121A6
Specifically: %s, xrefs: 000000014001220B
%s (%d) : ==> %s%s, xrefs: 00000001400121B0

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DebugOutputString
String ID: Specifically: %s$%s (%d) : ==> %s%s$Warning: $stderr
API String ID: 1166629820-3119856357
Opcode ID: 17da25d3f63d143be9664ca3406247cd11e442e63eb13d2cd58a86953177c761
Instruction ID: f986b703b7e4f7eac70dc781d145a2d8f0a9bb1ae15b6e5121c7230ca5b9bdcb
Opcode Fuzzy Hash: 17da25d3f63d143be9664ca3406247cd11e442e63eb13d2cd58a86953177c761
Instruction Fuzzy Hash: 24418D72205A8092EB62DF12E8807EEB360F798BC4F844016FF8957A78DB3DC955D740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007470 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89clipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32(?,?,?,?,?,0000000140007460), ref: 0000000140007497
CloseClipboard.USER32(?,?,?,?,?,0000000140007460), ref: 00000001400074A4
GlobalUnlock.KERNEL32(?,?,?,?,?,0000000140007460), ref: 00000001400074C7
GlobalFree.KERNEL32 ref: 00000001400074E6

Strings

Out of memory. The current thread will exit., xrefs: 00000001400075D5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Global$Unlock$ClipboardCloseFree
String ID: Out of memory. The current thread will exit.
API String ID: 1156981608-3615672414
Opcode ID: dbd133e0b2a0c6447763e525ac8836eeb30359b7383c1c842150ff79678f8afd
Instruction ID: 862e3fa401de202f39cac21e5681ea99170bc55acbce0dcd19dc2c1c16d267ef
Opcode Fuzzy Hash: dbd133e0b2a0c6447763e525ac8836eeb30359b7383c1c842150ff79678f8afd
Instruction Fuzzy Hash: B54117B1604A4086E652DF57F950BEA73A1BB8CBC4F48412AEB4817B75DF78C8919710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A4B50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

Shell_TrayWnd, xrefs: 00000001400A4D4D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: Shell_TrayWnd
API String ID: 0-2988720461
Opcode ID: 3f504ff5607b228ace99186032984acc635cb8c7e8cc7254eba93b24709caf01
Instruction ID: 9eeb307ecf1d9d7723fb0bf818179911ece080238c905fb4de47d79667c39de9
Opcode Fuzzy Hash: 3f504ff5607b228ace99186032984acc635cb8c7e8cc7254eba93b24709caf01
Instruction Fuzzy Hash: 2A415E75615B8085E762CB16E8813DAB3A5FB9CBD0F148229EB9943BB5DF38D481CB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000ECA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 75COMMON

Download Yara Rule

Strings

UTF-16-RAW, xrefs: 000000014000ED13
UTF-8-RAW, xrefs: 000000014000ECD7
UTF-16, xrefs: 000000014000ECF5
UTF-8, xrefs: 000000014000ECBC

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16$UTF-16-RAW$UTF-8$UTF-8-RAW
API String ID: 3215553584-2787617770
Opcode ID: 3fe9adab4c08f45d5b65463eaa55bd9396cb652b4aca0dc4d0e45c5b00427de3
Instruction ID: 57da7f6f3e12add912c38cae6344caf6e4b560ef83df028cbce7209a0c1da9c1
Opcode Fuzzy Hash: 3fe9adab4c08f45d5b65463eaa55bd9396cb652b4aca0dc4d0e45c5b00427de3
Instruction Fuzzy Hash: 662130E5B0134142FB5A9B67B9513F512909B5C7D5F885035BF094B2F1EA78C9D69300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006C2A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

RemoveDirectoryW.KERNEL32 ref: 000000014006C2BB
GetFullPathNameW.KERNEL32 ref: 000000014006C2EE
GetFileAttributesW.KERNEL32 ref: 000000014006C326
SHFileOperationW.SHELL32 ref: 000000014006C388

Strings

\, xrefs: 000000014006C314

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: File$AttributesDirectoryFullNameOperationPathRemove
String ID: \
API String ID: 934956312-2967466578
Opcode ID: 5d51fb03fc7a8b287fad533664eca4e2e33f3c746549ad2d012522b43b2ed5fb
Instruction ID: df21a5f8c25cae153c6bb7d6ab0ddffdc781a4072ab6aecfc58ed4e496c31ef3
Opcode Fuzzy Hash: 5d51fb03fc7a8b287fad533664eca4e2e33f3c746549ad2d012522b43b2ed5fb
Instruction Fuzzy Hash: D431523251478081EB618F16F4447EAA3B1FB99794F688715EB9D437F4DB39C589CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000C97C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50networkCOMMON

Download Yara Rule

APIs

sprintf.LEGACY_STDIO_DEFINITIONS ref: 000000014000C9C2
send.WSOCK32 ref: 000000014000C9E1
send.WSOCK32 ref: 000000014000CA15

Strings

An internal error has occurred in the debugger engine.Continue running the script without the debugger?, xrefs: 000000014000CA2D
<?xml version="1.0" encoding="UTF-8"?>, xrefs: 000000014000C9AD

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: send$sprintf
String ID: <?xml version="1.0" encoding="UTF-8"?>$An internal error has occurred in the debugger engine.Continue running the script without the debugger?
API String ID: 71988530-3162732081
Opcode ID: 7a393633ae3d780b91c39dcc93a06cfe175881e4a76e7d84143160d0d2505b7e
Instruction ID: 3d02886e26ff927cbba0ebbf8152cf799dce8e1ccf928625508e6c41a3348ff7
Opcode Fuzzy Hash: 7a393633ae3d780b91c39dcc93a06cfe175881e4a76e7d84143160d0d2505b7e
Instruction Fuzzy Hash: 1911A2B2720A4593EB22DB3AE5547E92361F78C7D8F444222F759479B5DF78C215C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A3650 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000000,00000001400A1C4F,?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A3680
GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000001400A1C4F,?,?,00000000,00000000,00000002,80000000,0000000140020ED2), ref: 00000001400A3690

Strings

IsHungAppWindow, xrefs: 00000001400A3689
user32, xrefs: 00000001400A3673

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsHungAppWindow$user32
API String ID: 1646373207-934392274
Opcode ID: c472ce45712707f961a85b07cdc46f4645a2ac9d255917eed8235940453b50c5
Instruction ID: 186094a462297f9c04707812601706d8eff40aa3fa2fd8ab2d1d3fcf71a446e8
Opcode Fuzzy Hash: c472ce45712707f961a85b07cdc46f4645a2ac9d255917eed8235940453b50c5
Instruction Fuzzy Hash: 8201ADB1602B0083FF06CB26B8507A923A4AF9C7D0F488129AA4A43770EF3CC5958A14

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003AED0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetDateFormatEx.KERNEL32 ref: 000000014003AF4B

Strings

ddd, xrefs: 000000014003AF1A
dddd, xrefs: 000000014003AF13
MMMM, xrefs: 000000014003AEFC
MMM, xrefs: 000000014003AF03

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: DateFormat
String ID: MMM$MMMM$ddd$dddd
API String ID: 2793631785-2187213731
Opcode ID: 4d09fc4fe8b9d5f61fb537979fc3d3d35cdd238933b9334ac10866ef80e44e5d
Instruction ID: 15b902bfcfef20118eadb5c27813c62e7ea11a408ce85ff73d0faff01e91be60
Opcode Fuzzy Hash: 4d09fc4fe8b9d5f61fb537979fc3d3d35cdd238933b9334ac10866ef80e44e5d
Instruction Fuzzy Hash: 791106B2210A05C5EB55CF62E8457AD73A0F748B88F404125FB8D43BA4EB7CC995C780

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007C400 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32 ref: 000000014007C424
IsWindowVisible.USER32 ref: 000000014007C433
SetWindowPos.USER32 ref: 000000014007C459
RedrawWindow.USER32 ref: 000000014007C46E

Strings

7, xrefs: 000000014007C444

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$MenuRedrawVisible
String ID: 7
API String ID: 1537645765-1790921346
Opcode ID: 92718fec80f960ca9b64b8603bca16726184f301a22c2150b581c00e14b6b204
Instruction ID: 58f99a724ee5356c9bafc2de5eb4a61e16efab1fe638157eed46aac9afe3d3eb
Opcode Fuzzy Hash: 92718fec80f960ca9b64b8603bca16726184f301a22c2150b581c00e14b6b204
Instruction Fuzzy Hash: 2E015272724A9082EB61CF26E454B6A6365FB8CFD8F085115EF4953B68CF78C541CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400172F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,00000000,000000014001DC73), ref: 0000000140017306
CreateMutexW.KERNEL32(?,?,00000000,000000014001DC73), ref: 0000000140017317
GetLastError.KERNEL32(?,?,00000000,000000014001DC73), ref: 0000000140017320
CloseHandle.KERNEL32(?,?,00000000,000000014001DC73), ref: 0000000140017343

Strings

AHK Mouse, xrefs: 000000014001730C

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CloseHandle$CreateErrorLastMutex
String ID: AHK Mouse
API String ID: 2372642624-1022267635
Opcode ID: 5d50c6fbf85414e1debec82b42195ad48613f87189a36abbde586e6f9381cc2d
Instruction ID: 3b990641e00ba3d589790c9bb90652c6718c622d635d468fb8a1b93cb05704a0
Opcode Fuzzy Hash: 5d50c6fbf85414e1debec82b42195ad48613f87189a36abbde586e6f9381cc2d
Instruction Fuzzy Hash: E1F01775601B0181FB5A8B63B8547F822A2BB8CBC4F489024EF1A4B2B4CF3CC5469210

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B8F0 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 343stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32 ref: 000000014005BC14

Strings

., xrefs: 000000014005BA87
%.17g, xrefs: 000000014005BA30, 000000014005BB32
., xrefs: 000000014005BB88
String, xrefs: 000000014005B9CD

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: lstrcmpi
String ID: %.17g$.$.$String
API String ID: 1586166983-3009439657
Opcode ID: 9b13102c51273c7c88edf156b2a6564ab9928b05807d7fd5c335c89181acc818
Instruction ID: 35df742ba82c2dd154220a99105891669f3d06de4d52ae58e760345b6040a53e
Opcode Fuzzy Hash: 9b13102c51273c7c88edf156b2a6564ab9928b05807d7fd5c335c89181acc818
Instruction Fuzzy Hash: 40E1BD32604684C5FB77DB27C0613FE66A1EB8DBC4F584126FB4A076B9DB7AE840C611

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A50 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 203COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140032AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140032BDD

Strings

Compile error %d at offset %d: %hs, xrefs: 0000000140032D31

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Compile error %d at offset %d: %hs
API String ID: 3168844106-1211130369
Opcode ID: 45e465fc30a7c4ba9c4f400e86f132928c9d60b4eb5fabbfee9062d34068ab19
Instruction ID: a021edfb542db3872e31fda255732757ee7a1880a4030c70888e012f8f368c73
Opcode Fuzzy Hash: 45e465fc30a7c4ba9c4f400e86f132928c9d60b4eb5fabbfee9062d34068ab19
Instruction Fuzzy Hash: D5917972215B8486EB639F16E4403EAB3A0F788BC4F488516EF8A577A4EF38C945C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400157A0 Relevance: 7.7, APIs: 5, Instructions: 163windowCOMMON

Download Yara Rule

APIs

CharLowerW.USER32(0000000A,00000000,00000000,000000014001568E), ref: 0000000140015803
CharLowerW.USER32 ref: 000000014001580F
CharLowerW.USER32 ref: 000000014001582D
PostMessageW.USER32 ref: 00000001400159B8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CharLower$MessagePost
String ID:
API String ID: 1413635493-0
Opcode ID: 6f7228563148cd5db377a5e63305665e003d2762e6f66ca407b545163fbc6af7
Instruction ID: 631e5018476359eefee08a6277e77e6d62724f31d9a264b434f1b4aa02104cc5
Opcode Fuzzy Hash: 6f7228563148cd5db377a5e63305665e003d2762e6f66ca407b545163fbc6af7
Instruction Fuzzy Hash: 7361CF32600250CBEB26AF27D5807A977A0F74CBD6F444125EF495FBA0EB36D862D700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140088550 Relevance: 7.6, APIs: 5, Instructions: 100windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 0000000140088585
SendMessageW.USER32 ref: 00000001400885A5
SendMessageW.USER32 ref: 00000001400885FC
GetDlgCtrlID.USER32 ref: 0000000140088615
PostMessageW.USER32 ref: 0000000140088682

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Message$Send$CtrlPost
String ID:
API String ID: 195378345-0
Opcode ID: 5a29d7807fcb7a40a4508b3948ec1832a676ace26152956a4bce0e4c7a825698
Instruction ID: 3a05d15bb713a4dccf50ea99e2ab160a61d0ce492be03d17405b1985107e2873
Opcode Fuzzy Hash: 5a29d7807fcb7a40a4508b3948ec1832a676ace26152956a4bce0e4c7a825698
Instruction Fuzzy Hash: 1341C03330564086EB72CB67A4507ED27A2FB8CBD4F595525EF0A43BA5DB34CA968700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400413B0 Relevance: 7.6, APIs: 5, Instructions: 81COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 000000014004143E
GetParent.USER32 ref: 0000000140041453
GetWindowLongW.USER32 ref: 0000000140041469
GetWindowRect.USER32 ref: 000000014004147F
MapWindowPoints.USER32 ref: 0000000140041495

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$ParentPointsRect
String ID:
API String ID: 2819293416-0
Opcode ID: 905f86a98a61a0c7044bac08b6c602e56f0d8b7b877c0bbac510059615e28997
Instruction ID: e22f1c936948d9bf034514bed4e5ecc65eacec65602a315b64e6e37b70b528c4
Opcode Fuzzy Hash: 905f86a98a61a0c7044bac08b6c602e56f0d8b7b877c0bbac510059615e28997
Instruction Fuzzy Hash: 5E314A32304B908ADB51CF16E4483DEB7A1F7C9BD0F598125EB9C4BBA8DB39C8418B44

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003CC20 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32 ref: 000000014003CCAE
EnableMenuItem.USER32 ref: 000000014003CCC2
EnableMenuItem.USER32 ref: 000000014003CCD3
EnableMenuItem.USER32 ref: 000000014003CCE4
EnableMenuItem.USER32 ref: 000000014003CCF5

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Menu$EnableItem
String ID:
API String ID: 3409067670-0
Opcode ID: 3a483320af5099af0f3817a8d0dfd04a4154d504e67a1e2885b7aa335f91e16a
Instruction ID: 05c2d2918710338adbff6093cf71c789c31c564ea7797628dc355aa77dd70291
Opcode Fuzzy Hash: 3a483320af5099af0f3817a8d0dfd04a4154d504e67a1e2885b7aa335f91e16a
Instruction Fuzzy Hash: DC31B43232074082F667AB2BE4547BB6795FB8EBC0F185026FB4A877B5CE38C8559350

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140021DC0 Relevance: 7.6, APIs: 5, Instructions: 81keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 0000000140021DDB
GetKeyState.USER32 ref: 0000000140021E07
GetForegroundWindow.USER32 ref: 0000000140021E52
GetWindowThreadProcessId.USER32 ref: 0000000140021E5D
GetKeyState.USER32 ref: 0000000140021E9D

Part of subcall function 000000014001FC20: GetCurrentThreadId.KERNEL32 ref: 000000014001FC70
Part of subcall function 000000014001FC20: MapVirtualKeyW.USER32 ref: 000000014001FCEF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: State$ThreadWindow$CurrentForegroundProcessVirtual
String ID:
API String ID: 2333321213-0
Opcode ID: 0d1386103f0c4f5102eeffef51c48bd188008dfd66f559c7e068be32abcb14d9
Instruction ID: 28b3d793174e0da6e4ba66148a0e4936905aa053e0497bff4688962b918c3746
Opcode Fuzzy Hash: 0d1386103f0c4f5102eeffef51c48bd188008dfd66f559c7e068be32abcb14d9
Instruction Fuzzy Hash: E131EF3260425187E762CB66F8817EE77A2F7ECBD4F454219FB84036B5CB3AC801AB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CEE30 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400CEE5D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2e312d1957bd99225d90d207b0ed5b79a983b60f6d27eda64be17ca707034db6
Instruction ID: be11b32ee1781b2b4267516e287fa4d1c7ede86072926714d35fa207573fa233
Opcode Fuzzy Hash: 2e312d1957bd99225d90d207b0ed5b79a983b60f6d27eda64be17ca707034db6
Instruction Fuzzy Hash: 23215331608780C6FB269B63E4403EDB7A1AB8CBE0F588625FB5957BF5DB38C4429711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D7624 Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00000001400D764C
_set_statfp.LIBCMT ref: 00000001400D7667
_set_statfp.LIBCMT ref: 00000001400D7683
_set_statfp.LIBCMT ref: 00000001400D76BF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: a08b61cdabab33a0e26783602128662f32891b73ad71f8ff16436045d9ace045
Instruction ID: ada8af09da86b611ca4328990cd2af4031932c0a0124598aeed6e7006eab221c
Opcode Fuzzy Hash: a08b61cdabab33a0e26783602128662f32891b73ad71f8ff16436045d9ace045
Instruction Fuzzy Hash: 70117C32A50E1105F76A212EE486BED25406F9C3F4F080624BB7E176FAFB38C8438230

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D0B64 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00000001400D0067,?,?,00000000,00000001400D0302,?,?,?,?,?,00000001400D028E), ref: 00000001400D0B83
FlsSetValue.KERNEL32(?,?,?,00000001400D0067,?,?,00000000,00000001400D0302,?,?,?,?,?,00000001400D028E), ref: 00000001400D0BA2
FlsSetValue.KERNEL32(?,?,?,00000001400D0067,?,?,00000000,00000001400D0302,?,?,?,?,?,00000001400D028E), ref: 00000001400D0BCA
FlsSetValue.KERNEL32(?,?,?,00000001400D0067,?,?,00000000,00000001400D0302,?,?,?,?,?,00000001400D028E), ref: 00000001400D0BDB
FlsSetValue.KERNEL32(?,?,?,00000001400D0067,?,?,00000000,00000001400D0302,?,?,?,?,?,00000001400D028E), ref: 00000001400D0BEC

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 3390332fc915b0d18d59a95c62756b0b1d8b5b0c2e379df4f6fa63f0fa262e72
Instruction ID: 65abf92d003ca78cadcf08273f69525a7e654d1749d67f7dca947169d442d1ed
Opcode Fuzzy Hash: 3390332fc915b0d18d59a95c62756b0b1d8b5b0c2e379df4f6fa63f0fa262e72
Instruction Fuzzy Hash: 09110A3031464083FA5BA76775513ED62529F4C7F4F149326BA2A1B6FADE78D4438A20

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029520 Relevance: 7.6, APIs: 5, Instructions: 51filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140029552
GetLastError.KERNEL32 ref: 0000000140029561
SetFileTime.KERNEL32 ref: 00000001400295A9
GetLastError.KERNEL32 ref: 00000001400295B5
CloseHandle.KERNEL32 ref: 00000001400295C8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleTime
String ID:
API String ID: 1269242970-0
Opcode ID: acfa01ea6e2099e0b097abc4bc3b8e8f2621606bda5c768092a1d803013db7d4
Instruction ID: 65cb11c0745fe7c89bdb86629eba169dada42a0adfb4582eadfbe09e7ab89642
Opcode Fuzzy Hash: acfa01ea6e2099e0b097abc4bc3b8e8f2621606bda5c768092a1d803013db7d4
Instruction Fuzzy Hash: CA11BF75704B4082E7929B67FA207A96791E78CBE4F448225EF5943BB4DA38C8829700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A4E0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 000000014001A5EB

Strings

Joy, xrefs: 000000014001A756
Unsupported prefix key., xrefs: 000000014001A7DA
Invalid key name., xrefs: 000000014001A87A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: KeyboardLayout
String ID: Invalid key name.$Joy$Unsupported prefix key.
API String ID: 194098044-3124078654
Opcode ID: aefa913960ab03e36c23db47676779af62b392083bd8ec027fe3d543304e7470
Instruction ID: c6332db75434526885a7121b6ee7335e38801b8f26e110e83065f2d4efbcf9dc
Opcode Fuzzy Hash: aefa913960ab03e36c23db47676779af62b392083bd8ec027fe3d543304e7470
Instruction Fuzzy Hash: 09C1F67260869041FF679B2795503FA63A1EB4ABD0F884116FF864B6F1EB3EC946D310

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C67CC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 229COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400C6808
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C692F
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C69F1

Strings

string, xrefs: 00000001400C67DE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: string
API String ID: 3215553584-2663297705
Opcode ID: 56768677618132ab276ad5c504a3ad07528e0b5aab01c0a9025fd99945f807ab
Instruction ID: 6ca57cc089db8ae945988ed8baea41c34321b2f473d5bef84c56a95c84bdaf9b
Opcode Fuzzy Hash: 56768677618132ab276ad5c504a3ad07528e0b5aab01c0a9025fd99945f807ab
Instruction Fuzzy Hash: 4A91C132209B4485FB7B9B36D5583EE3795AB08BE4F488316EB6A473E4DB38C4468741

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002CB90 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON

Download Yara Rule

Strings

Invalid option., xrefs: 000000014002CD7D
Password, xrefs: 000000014002CC05

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: Invalid option.$Password
API String ID: 0-1717135785
Opcode ID: de7265c16e4a62354581a2f016d57ae5925d38c569751c3e1df07f4f55403adb
Instruction ID: 9c08882a54e5893ae32b46b9e9587b827b9be36f4d96795043b7400551572aaf
Opcode Fuzzy Hash: de7265c16e4a62354581a2f016d57ae5925d38c569751c3e1df07f4f55403adb
Instruction Fuzzy Hash: F251027A62464089E7678B37D400BF97AA1E78DBC8F508639FF4553AF9E638CC81C604

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029C20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

The control is destroyed., xrefs: 0000000140077081

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: The control is destroyed.
API String ID: 0-604737106
Opcode ID: 60ba2d63bb76951981cce1e63ca345a7bf43591103e3f1d1fcd638844ca5ef02
Instruction ID: fa579814614ce4b588a52e5703e66f5f139e169399a5104aa2aa6dcfa4a8d72d
Opcode Fuzzy Hash: 60ba2d63bb76951981cce1e63ca345a7bf43591103e3f1d1fcd638844ca5ef02
Instruction Fuzzy Hash: B1412331704684C6FB22CB16E4907EA33E1E79CBD0F904029EB4A47BA5DA3DCD82DB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A3410 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 00000001400A3530
MessageBoxW.USER32 ref: 00000001400A3554

Strings

AutoHotkey v2.0.12, xrefs: 00000001400A3494
Press OK to continue., xrefs: 00000001400A3466

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Message$Post
String ID: AutoHotkey v2.0.12$Press OK to continue.
API String ID: 3307098700-30377986
Opcode ID: 2110b15ea21b28e690bcf56c472c1db13a5deb448f96eb32c03a5a8737fcdb9b
Instruction ID: ed9aeb56e123151b030c04d161f682e6411e81132cab0349979210dad25d27ee
Opcode Fuzzy Hash: 2110b15ea21b28e690bcf56c472c1db13a5deb448f96eb32c03a5a8737fcdb9b
Instruction Fuzzy Hash: FC4162B2604AC485EA23DB26F4513EA73A4FFADBC4F448616BB45176B5DB38C5818B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008ACC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74windowCOMMON

Download Yara Rule

APIs

RemoveMenu.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,0000000140045C76), ref: 000000014008AD02
SetMenuItemInfoW.USER32 ref: 000000014008AD3F
DeleteObject.GDI32 ref: 000000014008AD49

Strings

P, xrefs: 000000014008AD1F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Menu$DeleteInfoItemObjectRemove
String ID: P
API String ID: 1523629976-3110715001
Opcode ID: fe26a19f74bcbc306b22ef99270305339c91066869bfedb242ac03cdb3307969
Instruction ID: 3c1177bdbc344999e7bfc51ade00b44686189e8dbbd84c2b078828f8a28d9814
Opcode Fuzzy Hash: fe26a19f74bcbc306b22ef99270305339c91066869bfedb242ac03cdb3307969
Instruction Fuzzy Hash: D0310332201B4087EB66CF22E5547AE73A4FB89F95F544125EB8A53F64CF38D9628740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003AF90 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71timeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014003AFCF
GetLocalTime.KERNEL32 ref: 000000014003AFFD

Strings

%03d, xrefs: 000000014003B015
MSec, xrefs: 000000014003AFB8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountLocalTickTime
String ID: %03d$MSec
API String ID: 173086840-1589134449
Opcode ID: aa066b016b8bf57499d64203e75f927de99ab3e90c45fcfdd48a2eea6c7fd18c
Instruction ID: 611cdb57e25e50e33ab66944c601d88be98ad6f9f1351b18a8866e9c0b793f38
Opcode Fuzzy Hash: aa066b016b8bf57499d64203e75f927de99ab3e90c45fcfdd48a2eea6c7fd18c
Instruction Fuzzy Hash: 633104B230465187EB1ADB26F4503FA73A2E70CB84F484225EF5543AB5EB78C481C710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008ABB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON

Download Yara Rule

APIs

RemoveMenu.USER32(?,?,?,?,?,?,?,?,?,?,?,?,009EE9C0,000000014008BAE6), ref: 000000014008ABEC
SetMenuItemInfoW.USER32 ref: 000000014008AC26
DeleteObject.GDI32 ref: 000000014008AC30

Strings

P, xrefs: 000000014008AC02

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Menu$DeleteInfoItemObjectRemove
String ID: P
API String ID: 1523629976-3110715001
Opcode ID: 4c443a5a421109167d42f42949d578c7f2bc99cfd770c11f79c3bedb10a844df
Instruction ID: 4c7bb65e9eba881af41cbb766937a6bfdc824d86d17c1940d8ec4f25008e1ce6
Opcode Fuzzy Hash: 4c443a5a421109167d42f42949d578c7f2bc99cfd770c11f79c3bedb10a844df
Instruction Fuzzy Hash: 06312973201A0087EBA6CF26E5947AD33A1FB89B88F145115EB4E47AA5CF3DC9A5C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003932 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58clipboardCOMMON

Download Yara Rule

APIs

CountClipboardFormats.USER32 ref: 0000000140003932
IsClipboardFormatAvailable.USER32 ref: 0000000140003941
IsClipboardFormatAvailable.USER32 ref: 000000014000394E

Strings

OnClipboardChange, xrefs: 00000001400039C1

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Clipboard$AvailableFormat$CountFormats
String ID: OnClipboardChange
API String ID: 2374125688-2677261247
Opcode ID: c88afefd0eaa79b4f476dc221cd6f29ba05156d13f7db15cf0a594b16040fe4d
Instruction ID: 6de5f2338cd4656a93678dee41239f4af6bbeccf2913fb81099828d3b12a7cd9
Opcode Fuzzy Hash: c88afefd0eaa79b4f476dc221cd6f29ba05156d13f7db15cf0a594b16040fe4d
Instruction Fuzzy Hash: 6E3106B1605A8089EB53CFABF8957E973A5B79CB84F504429E74EA7770DF78C5848300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026CCC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140026D26

Strings

\\.\%c:, xrefs: 0000000140026CF2

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CreateFile
String ID: \\.\%c:
API String ID: 823142352-1260769427
Opcode ID: 652eed77f712fa215adef4abe4c5d507edfbb038aba7028adcfbb6b1e27e72de
Instruction ID: 7c8f70c043d47d94de995aeadba6d4cd9f0e81df44b37ad1cfd7d12771aba875
Opcode Fuzzy Hash: 652eed77f712fa215adef4abe4c5d507edfbb038aba7028adcfbb6b1e27e72de
Instruction Fuzzy Hash: 2D11D0727246C082EB218B21F5447EE6360F7987E4F208305F79947AE8CB3DC448CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400414F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37threadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32 ref: 000000014004152E
GetGUIThreadInfo.USER32 ref: 000000014004153B
IsChild.USER32 ref: 0000000140041569

Strings

H, xrefs: 0000000140041526

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Thread$ChildInfoProcessWindow
String ID: H
API String ID: 2321189416-2852464175
Opcode ID: d7e86d82acf2f54f00ed2766fffdaf59ead89169b3b147057df290598db73afc
Instruction ID: 4b3cbb74fecfb63aedd492cb48c4bda272bdac3788726934156f6d29e28e6233
Opcode Fuzzy Hash: d7e86d82acf2f54f00ed2766fffdaf59ead89169b3b147057df290598db73afc
Instruction Fuzzy Hash: 6C014472604A8082D765CF16E4403DEB3A2FBC9784F84C025E78E87B69DF3CC5198B00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000CEA8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31networkCOMMON

Download Yara Rule

APIs

shutdown.WSOCK32(?,?,An internal error has occurred in the debugger engine.Continue running the script without the debugger?,000000014000CF89,?,?,00000001,000000014000CA39), ref: 000000014000CEC0
closesocket.WSOCK32(?,?,An internal error has occurred in the debugger engine.Continue running the script without the debugger?,000000014000CF89,?,?,00000001,000000014000CA39), ref: 000000014000CECA
WSACleanup.WSOCK32(?,?,An internal error has occurred in the debugger engine.Continue running the script without the debugger?,000000014000CF89,?,?,00000001,000000014000CA39), ref: 000000014000CED5

Strings

An internal error has occurred in the debugger engine.Continue running the script without the debugger?, xrefs: 000000014000CEA8

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Cleanupclosesocketshutdown
String ID: An internal error has occurred in the debugger engine.Continue running the script without the debugger?
API String ID: 4072869047-3051851581
Opcode ID: 7187ae2270285f8229a00b73a2b42a4fcbdc92e186b94f7d472f4d10cb0c5f4e
Instruction ID: fb264974beb449c7346582f1024a55ce478a03df2db8da6d965833dbbfef1cb6
Opcode Fuzzy Hash: 7187ae2270285f8229a00b73a2b42a4fcbdc92e186b94f7d472f4d10cb0c5f4e
Instruction Fuzzy Hash: 10012CB3510A8087E3518F35D4493A833A2FB18B7EF294724EB754A1EACB78444A8311

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400180F0 Relevance: 6.4, APIs: 4, Instructions: 359registrytimeCOMMON

Download Yara Rule

APIs

UnregisterHotKey.USER32 ref: 00000001400181C7
RegisterHotKey.USER32 ref: 00000001400184E2
UnregisterHotKey.USER32 ref: 0000000140018511
SetTimer.USER32 ref: 0000000140018604

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Unregister$RegisterTimer
String ID:
API String ID: 1006365865-0
Opcode ID: b8c7260effb900c2f02a8a9f1f1f7facd87194166b92b337030e1ba911a1d58b
Instruction ID: 4031f1dce82c4cbe3029638fe10fb3697aa687a2a6ddf17bf7e0911b7c39938a
Opcode Fuzzy Hash: b8c7260effb900c2f02a8a9f1f1f7facd87194166b92b337030e1ba911a1d58b
Instruction Fuzzy Hash: B4F1AC7260469086FB778B2794847E93BE5E31EB98F08410AEF950B6F5C73ACB94D350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D7A00 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00000001400D7A7F
WriteFile.KERNEL32 ref: 00000001400D7D47
WriteFile.KERNEL32 ref: 00000001400D7D8D
GetLastError.KERNEL32 ref: 00000001400D7E43

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: b79a6ec082fe483fdd2605973ac1504d7a02aeb14b572a5d0d2793b889f7161a
Instruction ID: 1b6d47bf3c867f37c93a683c75092a1eb2fadb6d5dff064733531a2b68f0d7e3
Opcode Fuzzy Hash: b79a6ec082fe483fdd2605973ac1504d7a02aeb14b572a5d0d2793b889f7161a
Instruction Fuzzy Hash: BCD19E32714A808AE712CF6AD4407EC37B6EB58BD8F444216EF5E97BA9EA34C517C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D8328 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001400D8313,00000000), ref: 00000001400D8444
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001400D8313,00000000), ref: 00000001400D84CF

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 7e18dfcf9d0e0a33a02a27009ee663a2e34e3ae49fc144e679e6a625f334d032
Instruction ID: 5470b4d00b1d45224e85c680f77b61b531267a27246ceb2f8aa36545436c9caf
Opcode Fuzzy Hash: 7e18dfcf9d0e0a33a02a27009ee663a2e34e3ae49fc144e679e6a625f334d032
Instruction Fuzzy Hash: AC91A172710A5099F7729F6B94847ED2BA0FB48BD8F544119FF0A67AA9DB34C483C720

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F9A0 Relevance: 6.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

UnhookWindowsHookEx.USER32 ref: 000000014001FA28
GetTickCount.KERNEL32 ref: 000000014001FA87
GetTickCount.KERNEL32 ref: 000000014001FBC0

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$HookUnhookWindows
String ID:
API String ID: 4100890187-0
Opcode ID: 9752b2dfa383e3bd4e87bf540c9b2dd52e3079e85b3a29855a46595f35fa1bc1
Instruction ID: 5870de6e1e6f97b51e7a728abadb61a700535198d5710c8fd4196ef5c61b8079
Opcode Fuzzy Hash: 9752b2dfa383e3bd4e87bf540c9b2dd52e3079e85b3a29855a46595f35fa1bc1
Instruction Fuzzy Hash: 4671A1B2205A90CAE756CF2BE5503A97BA0F74CF94F44801AEF494B7B9DB39C891D710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140042F70 Relevance: 6.1, APIs: 4, Instructions: 149windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00000001400430AD
IsWindowVisible.USER32 ref: 00000001400430CE
DwmGetWindowAttribute.DWMAPI ref: 00000001400430F8

Part of subcall function 0000000140044570: IsWindow.USER32 ref: 0000000140044633

EnumWindows.USER32 ref: 0000000140043185

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$AttributeEnumForegroundVisibleWindows
String ID:
API String ID: 862223837-0
Opcode ID: 1307dceefd0dc3aaea48b6d17cec6977302fb9a9ffc29d613ea10e2680e3af3e
Instruction ID: ee19d53a1d4d3cb76b10e9f91c6afd2ad0597a828aac19bfe0978ca18c5b2b6c
Opcode Fuzzy Hash: 1307dceefd0dc3aaea48b6d17cec6977302fb9a9ffc29d613ea10e2680e3af3e
Instruction Fuzzy Hash: DE51AD32604B8488FB66DF23D8547E966A0AB4DBD4F4A5235EF4A477F5DB38C880C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009C8E0 Relevance: 6.1, APIs: 4, Instructions: 140COMMON

Download Yara Rule

APIs

CharLowerW.USER32 ref: 000000014009C94D
CharLowerW.USER32 ref: 000000014009C9C0
CharLowerW.USER32 ref: 000000014009CA5B
CharLowerW.USER32 ref: 000000014009CA68

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CharLower
String ID:
API String ID: 1615517891-0
Opcode ID: d5b017b055dc67834d6b85db1934eaa7c42cd291592b277cfa4d506457bee0f5
Instruction ID: b3d47d02b322a5e1d24ab2eedc195732f509c291288ad1b79d7ac25385c42edb
Opcode Fuzzy Hash: d5b017b055dc67834d6b85db1934eaa7c42cd291592b277cfa4d506457bee0f5
Instruction Fuzzy Hash: 3751E6B2E2455481EB319B17A008BFE77A1F34DBE8F904216FB9A136E4D778C482C705

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003346 Relevance: 6.1, APIs: 4, Instructions: 133windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 00000001400033A6
MulDiv.KERNEL32 ref: 00000001400033F1
ShowWindow.USER32 ref: 000000014000364B
IsWindowVisible.USER32 ref: 0000000140003656

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$ShowVisible
String ID:
API String ID: 4185057100-0
Opcode ID: 1f784e3e75de596441bbe620b1a0f760fc2fb5b97b33a0d76cea144d45e9f863
Instruction ID: 0317a9d5720cbe0da388430cca8e27a74a5be66fc91fe2a9cedd0ec9d076241c
Opcode Fuzzy Hash: 1f784e3e75de596441bbe620b1a0f760fc2fb5b97b33a0d76cea144d45e9f863
Instruction Fuzzy Hash: 98517AB2604A8486EB66CF26E458BEE77A5F78DBC4F494115EB8A437B4DF38C548C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C8958 Relevance: 6.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001400C89DB
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8A47
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8A88
_invalid_parameter_noinfo.LIBCMT ref: 00000001400C8AB0

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e32fc103eb36b1a22ebe4ba43b9a32b87b561eb0cd1f9b123204ba5e6607db04
Instruction ID: dd59329e4844af888e791bb4f58da224d038ba9796dc1723b5ceab2f4022caf3
Opcode Fuzzy Hash: e32fc103eb36b1a22ebe4ba43b9a32b87b561eb0cd1f9b123204ba5e6607db04
Instruction Fuzzy Hash: C6414D32504B4581FB66AF66D4013AD33A4FB48FE0F448212EFA9073E5EB78C491C316

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002BB60 Relevance: 6.1, APIs: 4, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014002BBD9

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: a36f779ff009dd4323b8b6a5c5cdc3ce9a770f9aa3b89dc8721915226d1e89f8
Instruction ID: 8791a8d4ad5f817d4638ed64445d334f2dfb8b5d36cbd93f80f7a54748feed31
Opcode Fuzzy Hash: a36f779ff009dd4323b8b6a5c5cdc3ce9a770f9aa3b89dc8721915226d1e89f8
Instruction Fuzzy Hash: 5821073271094482F7664B27F5557AE2292DB98BC4F148435FB4B97BE8DA3CCCD29700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400439A0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140043A3A
SetWindowLongW.USER32 ref: 0000000140043A53
SetWindowLongW.USER32 ref: 0000000140043A62
SetLayeredWindowAttributes.USER32 ref: 0000000140043A74

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 0907af38386d0aa0492deaa43fb875f35270cf60df9fb004a2c9db8374acc113
Instruction ID: 5916c8efc2b680f935134cf03221a4a42c0cee5d30aae29cc753ca9603814854
Opcode Fuzzy Hash: 0907af38386d0aa0492deaa43fb875f35270cf60df9fb004a2c9db8374acc113
Instruction Fuzzy Hash: DF21A135704A4082EB259F2BA4447AAB7A2ABC8BE0F158125FF8A437B4DB78C4858755

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140027890 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 000000014002789D
SetLastError.KERNEL32 ref: 00000001400278AF
CreateDirectoryW.KERNEL32 ref: 0000000140027905
GetLastError.KERNEL32 ref: 000000014002790F

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorLast$AttributesCreateDirectoryFile
String ID:
API String ID: 635176117-0
Opcode ID: 1e1f7d628d4fc4de21c46309b4670a49f505ed4358d49ca0b8d6fafbe00b601b
Instruction ID: 305b213195bf36953affd29313cd3e5fc4ec7bbddce1f8177739138899674636
Opcode Fuzzy Hash: 1e1f7d628d4fc4de21c46309b4670a49f505ed4358d49ca0b8d6fafbe00b601b
Instruction Fuzzy Hash: 7A11A336B1474081EB569B67B5487ED63A1EB8CBC4F085115FB5E477B5DE38C8C28704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140041800 Relevance: 6.1, APIs: 4, Instructions: 53threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32 ref: 0000000140041852
AttachThreadInput.USER32 ref: 0000000140041882
SetFocus.USER32 ref: 0000000140041893
AttachThreadInput.USER32 ref: 00000001400418CA

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Thread$AttachInput$FocusProcessWindow
String ID:
API String ID: 2336002036-0
Opcode ID: 666cd0efde42a4e80bc4a894c7507fb2c679ab2fa3e844137770aebc4515e153
Instruction ID: d20d52ec5746f1e13a6f49fa1995b2616ef22ae230c1b2eef5c56462f9e09ea4
Opcode Fuzzy Hash: 666cd0efde42a4e80bc4a894c7507fb2c679ab2fa3e844137770aebc4515e153
Instruction Fuzzy Hash: D8210B31604B4082E7229B26F8917DA7362FBCDBD0F554129FB8947BB9DF39D8458B10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BA660 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000001400BA68C
GetCurrentThreadId.KERNEL32 ref: 00000001400BA69A
GetCurrentProcessId.KERNEL32 ref: 00000001400BA6A6
QueryPerformanceCounter.KERNEL32 ref: 00000001400BA6B6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: db55a7fd7ce89f31cbd65c327fee6df84e5d28cb2e2512aaf4126d20c480c642
Instruction ID: 4db4768e0261470a34a50722439763c8d669bef10dd4185851e5fc04a3d71dcd
Opcode Fuzzy Hash: db55a7fd7ce89f31cbd65c327fee6df84e5d28cb2e2512aaf4126d20c480c642
Instruction Fuzzy Hash: B0111536715F008AEB00CF61E8543A933A4FB1DBA8F441A21EB6D87BA4DB78C1998340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005D890 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 287COMMON

Download Yara Rule

Strings

", xrefs: 000000014005D9D1
Out of memory., xrefs: 000000014005D93A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID:
String ID: "$Out of memory.
API String ID: 0-1555670740
Opcode ID: 4b10c537d63a0949055f7124952f3c3e3b750db3f1013ca7832244fcd6bda647
Instruction ID: 2041c2237d8245c866b2564919848e1aab9507616a8f74384433317555c12fed
Opcode Fuzzy Hash: 4b10c537d63a0949055f7124952f3c3e3b750db3f1013ca7832244fcd6bda647
Instruction Fuzzy Hash: 8EC18872601A90C5EB72DF2694407EA37A5F748BE4F898617FB99077E4EB36C981C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400246DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00000001400248C0

Strings

Callback, xrefs: 000000014002488A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: Callback
API String ID: 536389180-2156861040
Opcode ID: ad88c62e088bdafcc3909c7b00ab17768b8c3689d022b2eb07620a17c7b20ac9
Instruction ID: ed89b7c79fab8bbacf1fa38e36b4b1e8b8344ac3b30116dbc7d86ad070ee2a1e
Opcode Fuzzy Hash: ad88c62e088bdafcc3909c7b00ab17768b8c3689d022b2eb07620a17c7b20ac9
Instruction Fuzzy Hash: 73A1B172A14BC096EB12CF26E8413E937A0F35DB98F544319EB9D17AB2DB39D495C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044CA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 173COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140044570: IsWindow.USER32 ref: 0000000140044633

GetForegroundWindow.USER32 ref: 0000000140044D04

Strings

%.17g, xrefs: 0000000140044E0B
String, xrefs: 0000000140044EAB

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Window$Foreground
String ID: %.17g$String
API String ID: 62970417-734013530
Opcode ID: 67c9fbb32bc6c1d64bc17dc0c82eba770737688e538e22503c82d891e373050a
Instruction ID: de0493117823689b7928deeb636cf65e0e7ff16bb75ce32a3abc1f2b5ecf30c6
Opcode Fuzzy Hash: 67c9fbb32bc6c1d64bc17dc0c82eba770737688e538e22503c82d891e373050a
Instruction Fuzzy Hash: 89715B3260878081EB639B17A5443E96BA5F79DBD8F564032FF8907AB5CB78C8858748

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140060C5C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 158windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32 ref: 0000000140060E24
Shell_NotifyIconW.SHELL32 ref: 0000000140060E4C

Strings

, xrefs: 0000000140060E05

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-3916222277
Opcode ID: bc2fa053150f835eea45821aca818997962e76aa597078730b3f665593754b9a
Instruction ID: 008b3f679a2ea4be15213c15d6b2ba2d57aaccdb7c63a17ee6f9b44bee1d1953
Opcode Fuzzy Hash: bc2fa053150f835eea45821aca818997962e76aa597078730b3f665593754b9a
Instruction Fuzzy Hash: 2441837224878087E7768F56E8943EAB3A5F748BC4F148529EB8D43BA5E77CC545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005BE00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005BF9C

Strings

#HotIf, xrefs: 000000014005C00E

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick
String ID: #HotIf
API String ID: 536389180-3987657291
Opcode ID: 3d969a4b4755e06f2bfde7ddf43d8df316e133a3a848f2357b6edf974bf3813e
Instruction ID: 11c41f4039230f910fb9e0441254e9cd704b55423ff3907b9be500d01dc8f586
Opcode Fuzzy Hash: 3d969a4b4755e06f2bfde7ddf43d8df316e133a3a848f2357b6edf974bf3813e
Instruction Fuzzy Hash: BF9136B2904B80C6E712CF2AF8413E977A4F79DB98F145229EF98536B6DB39D091C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005C700 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,000000014005A817), ref: 000000014005C87A
GetShortPathNameW.KERNEL32 ref: 000000014005C933

Strings

Out of memory., xrefs: 000000014005C7D3

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: NamePath$FullShort
String ID: Out of memory.
API String ID: 4229621559-4087320997
Opcode ID: e124eb6b2dae3212a517217e50a262e1339da0ee15031f6a6558c60faa13fe68
Instruction ID: 189aeb1ff8701719b3778cad28f82c70165e46a5c049042406aeb048933b5b72
Opcode Fuzzy Hash: e124eb6b2dae3212a517217e50a262e1339da0ee15031f6a6558c60faa13fe68
Instruction Fuzzy Hash: 9751B272211B8586EB66DB26E8847DAB3E0F70C7C4F448129EB9E03B61EF39E545C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400DA5AC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00000001400DA651

Strings

acos, xrefs: 00000001400DA664
!, xrefs: 00000001400DA686

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _set_statfp
String ID: !$acos
API String ID: 1156100317-2870037509
Opcode ID: 1e22b8de1b4a75e790d95826593da5c634cf3d276b437eeec1797679699e6813
Instruction ID: 2c15be268ed98462e7ec72b0d96ae52749330ed3086d9a6ea5100b5138b90736
Opcode Fuzzy Hash: 1e22b8de1b4a75e790d95826593da5c634cf3d276b437eeec1797679699e6813
Instruction Fuzzy Hash: 7D6162B1A24F4489E623CB3694503AAA765AFAB7D0F519303EB5A36E74DB3CC0835640

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000ACDC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 000000014000AE30

Strings

%u">, xrefs: 000000014000ADF1
VUUU, xrefs: 000000014000ADB6

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: %u">$VUUU
API String ID: 626452242-3222289237
Opcode ID: 239ed7a31aac56ccebcaf9bbb58b9d74f0f686132656142c2b947916e8ecd4a5
Instruction ID: 25d9b6ca83e7821511183228dd790cbd4531c762e6e10e3ab2e00afecd1cbb25
Opcode Fuzzy Hash: 239ed7a31aac56ccebcaf9bbb58b9d74f0f686132656142c2b947916e8ecd4a5
Instruction Fuzzy Hash: 234137B271069083EB65EA17E5407E973D6F759BD0F458136AF194BBE4EE3CC9428300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400DA84C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00000001400DA8E9

Strings

!, xrefs: 00000001400DA91E
asin, xrefs: 00000001400DA8FC

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: _set_statfp
String ID: !$asin
API String ID: 1156100317-2188059690
Opcode ID: 16268775c515c6675f9bb71ddf5fda950e51b33550d6b907857f06ec06823b41
Instruction ID: cbc948d92d5219b80105b78c8ab26f8f64dd77d29acc69ad5a82befaba616d82
Opcode Fuzzy Hash: 16268775c515c6675f9bb71ddf5fda950e51b33550d6b907857f06ec06823b41
Instruction Fuzzy Hash: 40518671A24F8489E613CB3698513AEA365AFAA7D0F519307FB9636D74DB3CD0838640

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D8098 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00000001400D81AF
GetLastError.KERNEL32 ref: 00000001400D81D1

Strings

U, xrefs: 00000001400D815B

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: e272f7c9a49b8b55932eefaeaad7d2eb71207848587f8df50fbc2ec66db4b458
Instruction ID: 4560c0dc84ad7e5284cb1d201f1c4077f61d9f0fd61722ea771707b1d70bfbd2
Opcode Fuzzy Hash: e272f7c9a49b8b55932eefaeaad7d2eb71207848587f8df50fbc2ec66db4b458
Instruction Fuzzy Hash: 8741BF36314A8082EB218F26E8443EEB7A5FB88BD4F404025EF4D877A8DB38C446C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400DA444 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,00000000,009DEE08,00A1AAF0,00000009,00000000,0000000140011DA9), ref: 00000001400DA4BB
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00000001400DA517

Strings

Bad dynamic_cast!, xrefs: 00000001400DA586

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FileFindHeaderInstanceTargetType
String ID: Bad dynamic_cast!
API String ID: 746355257-2956939130
Opcode ID: 98210f854d0daaa40dd30e5b3534991e368a089433d78b7d691dc8c5a9dfada0
Instruction ID: 15bb5e2ef274abf57b014ac5607f966985dfc731686b591c743429ff167e62ca
Opcode Fuzzy Hash: 98210f854d0daaa40dd30e5b3534991e368a089433d78b7d691dc8c5a9dfada0
Instruction Fuzzy Hash: 57316E72315A8486EA61CB66E484BEE63A0FB89BD4F108525EF9D47B64DB3CD142C710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002FCA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32 ref: 000000014002FCD7
FileTimeToSystemTime.KERNEL32 ref: 000000014002FD84

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014002FDBE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Time$FileSystem
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 2086374402-4847443
Opcode ID: 824800b2213910b982a5c6b4ac3912c1f58b4398438a9cd6b2d4f33b764ce5a2
Instruction ID: 02f9ca928da2b835cbb07f6412830828d84dc6a835c057a990705415662ca512
Opcode Fuzzy Hash: 824800b2213910b982a5c6b4ac3912c1f58b4398438a9cd6b2d4f33b764ce5a2
Instruction Fuzzy Hash: F341A672718A4482DB528F1AF0403AEB3A1F788BC5F548125FBC843A69EB7DC895DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007600 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88clipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32(?,?,?,?,0000000D,0000000140006F5A), ref: 0000000140007627
CloseClipboard.USER32(?,?,?,?,0000000D,0000000140006F5A), ref: 0000000140007634

Strings

Out of memory. The current thread will exit., xrefs: 0000000140007742

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ClipboardCloseGlobalUnlock
String ID: Out of memory. The current thread will exit.
API String ID: 3794156920-3615672414
Opcode ID: 1a3546b48a1fccc2608f86df88af9b62e9e7296f7700aff3631a47e350de6087
Instruction ID: aef381c8a757cf2e58b5d0736ce20821b016687a79d6c1061f03d60ef524f82c
Opcode Fuzzy Hash: 1a3546b48a1fccc2608f86df88af9b62e9e7296f7700aff3631a47e350de6087
Instruction Fuzzy Hash: D2414B76604A4086EB62DF57F940B9AB3A1F78CBD0F48412AEB8817B75DF7DC5918B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400686B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

joyGetDevCapsW.WINMM ref: 0000000140068714
joyGetPosEx.WINMM ref: 0000000140068755

Strings

4, xrefs: 0000000140068742

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Caps
String ID: 4
API String ID: 130273448-4088798008
Opcode ID: daac607ccdf1ee62e4488e812bf2d484490bc0fbce089329ef5b35bc6609566d
Instruction ID: a3756bffd14d3f1c9b30efc8498a4c3ec07030bb8465af1b9d46370ebc2f9a6f
Opcode Fuzzy Hash: daac607ccdf1ee62e4488e812bf2d484490bc0fbce089329ef5b35bc6609566d
Instruction Fuzzy Hash: 1C31DC3221474486E7B68F26E8053AD23A7F79D7C8F684A16EF49076A4DB78C946CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400042D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71windowCOMMON

Download Yara Rule

APIs

joyGetPosEx.WINMM ref: 0000000140004322
PostMessageW.USER32 ref: 000000014000438A

Strings

4, xrefs: 0000000140004310

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: MessagePost
String ID: 4
API String ID: 410705778-4088798008
Opcode ID: 37ec13f7abfb177683c2ef6bfdd0afdf530490a608cdf9945233f07c7b0dcd2f
Instruction ID: b34215d1700f897ca88641b13869883014a8aab2df37f6b57c5da6dc08c23783
Opcode Fuzzy Hash: 37ec13f7abfb177683c2ef6bfdd0afdf530490a608cdf9945233f07c7b0dcd2f
Instruction Fuzzy Hash: 3421E2F221079086EB12DB13E4847AD77A5F34CB84F455126EB8A43BA5DBBCCA51C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008AAC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

InsertMenuItemW.USER32 ref: 000000014008AB8B

Part of subcall function 000000014008B530: CreateMenu.USER32 ref: 000000014008B54A

GetMenuItemCount.USER32 ref: 000000014008AB74

Strings

P, xrefs: 000000014008AB01

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Menu$Item$CountCreateInsert
String ID: P
API String ID: 203066352-3110715001
Opcode ID: 6ce140100a7755df49b8d9d68e588fac83162ff79cd5cc6666ab3e28d4ceda79
Instruction ID: 3e6e9dc8e3017c5a6646ff3f6ef79e065f74ba37244e00699861018eaca82d78
Opcode Fuzzy Hash: 6ce140100a7755df49b8d9d68e588fac83162ff79cd5cc6666ab3e28d4ceda79
Instruction Fuzzy Hash: 9521E476705B4086E761CF16E480B5AB7A4F78CBD4F144166EF9D83B28DB38C991CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003E5C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32 ref: 000000014003E633
FileTimeToSystemTime.KERNEL32 ref: 000000014003E643

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014003E67D

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Time$File$LocalSystem
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 1748579591-4847443
Opcode ID: d2af93afa79dfda6858d718f8886287010bf4483f2b6b72b730c9c4684303eae
Instruction ID: ccaf81971ec95f2e9a00edffd2a2822164232b087f1e4063b5019730bd282a30
Opcode Fuzzy Hash: d2af93afa79dfda6858d718f8886287010bf4483f2b6b72b730c9c4684303eae
Instruction Fuzzy Hash: 58215172618690C2DB558F1AF4403AEB7B1F798BC4F148616FB8943AB8DB39C552DB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BC580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001400DA5A8,?,?,?,?,00000000,009DEE08), ref: 00000001400BC5D0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001400DA5A8,?,?,?,?,00000000,009DEE08), ref: 00000001400BC611

Strings

csm, xrefs: 00000001400BC5FE

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 35d9d709ec47ba8c85ff61062c985731ce1e3bf38a539542953e9992716c57b4
Instruction ID: b2fe5872ed4f0537e60a27478831ea2c6880de1afe052b1c45f23b3614fcb7cd
Opcode Fuzzy Hash: 35d9d709ec47ba8c85ff61062c985731ce1e3bf38a539542953e9992716c57b4
Instruction Fuzzy Hash: 2F11FB32214F4082EB628F26F4403997BE5FB88B94F588225EF9D47768DF38D591CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003EA80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32 ref: 000000014003EAC0
FileTimeToSystemTime.KERNEL32 ref: 000000014003EAD0

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014003EB0A

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Time$File$LocalSystem
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 1748579591-4847443
Opcode ID: 0e81479946cecbf40def1f4ef14968b3c4e6513bde2852a62c7952bf53d4ddb8
Instruction ID: f325a50b0d22d3892a6122fd713e35841e1cb7654e2b89f3ae100ef47286f730
Opcode Fuzzy Hash: 0e81479946cecbf40def1f4ef14968b3c4e6513bde2852a62c7952bf53d4ddb8
Instruction Fuzzy Hash: 18115B72618790C2DB568F16F4403ABB7B1FB88BD5F144626FB9A43AA8DB3CC151DB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003D2C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 000000014003D2D5
GetLocalTime.KERNEL32 ref: 000000014003D2DD

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014003D314

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Time$LocalSystem
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 1098363292-4847443
Opcode ID: 5618753d2a30a99a1ee3543bb788d7539afb03105aebc21dfc800c736236680e
Instruction ID: 09d605c943687260c825acd7a49a9c43b908153414408b8034867a10cc8a2647
Opcode Fuzzy Hash: 5618753d2a30a99a1ee3543bb788d7539afb03105aebc21dfc800c736236680e
Instruction Fuzzy Hash: 7C01ADB2908600C2D7468F12F04036EB7B1F388B45F104112FB9903A98D73DC0A4CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044F30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32 ref: 0000000140044F3D
PostMessageW.USER32 ref: 0000000140044F54

Strings

Shell_TrayWnd, xrefs: 0000000140044F36

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FindMessagePostWindow
String ID: Shell_TrayWnd
API String ID: 2578315405-2988720461
Opcode ID: 52e13443fee94e155041505f7e733e79c5b52a77beffbe9f4b25b530498307fb
Instruction ID: 58d24cd1f139bfa688bfbc018106ff2477e3c2fb5920922eaeda3f1c78125e30
Opcode Fuzzy Hash: 52e13443fee94e155041505f7e733e79c5b52a77beffbe9f4b25b530498307fb
Instruction Fuzzy Hash: A7E0DF74B0100082F30A8B13EC613E42252A79CB90FA48124FB0A03BF0DA3885868300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044F80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32 ref: 0000000140044F8D
PostMessageW.USER32 ref: 0000000140044FA4

Strings

Shell_TrayWnd, xrefs: 0000000140044F86

Memory Dump Source

Source File: 00000002.00000002.1671501756.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000002.00000002.1671487178.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671572743.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671618306.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671632671.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671647627.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671661194.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671676475.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671693193.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671709705.0000000140127000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1671743892.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: FindMessagePostWindow
String ID: Shell_TrayWnd
API String ID: 2578315405-2988720461
Opcode ID: ef10025ab184a58e9e0bc033ac5c55dd31c3319b5ae39170cc84956cd8386965
Instruction ID: 60e4b397298d782e6bf67713b2db8ee302796ad3dc57a93f33ed77d20d77b31d
Opcode Fuzzy Hash: ef10025ab184a58e9e0bc033ac5c55dd31c3319b5ae39170cc84956cd8386965
Instruction Fuzzy Hash: D6E02670F0100482F30B8B13FC913F42252A7CCB90FA48224EF0A03BF0DD3884868300

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AutoHotkeyUX.exePID: 2104, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	103

Executed Functions

Function 0000000140047FF0 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 324
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32(?,?,?,?,?,00000000,0000000D,00000001400479D8,?,0000000140004C81), ref: 00000001400481E4
LoadResource.KERNEL32(?,?,?,?,?,00000000,0000000D,00000001400479D8,?,0000000140004C81), ref: 00000001400481FB
LockResource.KERNEL32(?,?,?,?,?,00000000,0000000D,00000001400479D8,?,0000000140004C81), ref: 000000014004820D
SizeofResource.KERNEL32(?,?,?,?,?,00000000,0000000D,00000001400479D8,?,0000000140004C81), ref: 0000000140048226
GetCPInfo.KERNEL32(?,?,?,?,?,00000000,0000000D,00000001400479D8,?,0000000140004C81), ref: 0000000140048287

Strings

%s file "%s" cannot be opened., xrefs: 00000001400484BF
Out of memory., xrefs: 00000001400480AB
#Include, xrefs: 00000001400484AA
Script, xrefs: 00000001400484B8
*#2, xrefs: 00000001400483C1
Too many includes., xrefs: 000000014004805B

Memory Dump Source

Source File: 00000003.00000002.2844711127.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000003.00000002.2844699445.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844797434.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844810451.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844821911.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844833316.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844844753.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844856077.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844867461.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844879776.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: Resource$FindInfoLoadLockSizeof
String ID: #Include$%s file "%s" cannot be opened.$*#2$Out of memory.$Script$Too many includes.
API String ID: 3440836517-3189951223
Opcode ID: 55b505f00f643f4b07a49b7a0203a743e1d66ec772f2415d1c59bb64ed21dc11
Instruction ID: e8812c980ce5eb44ff6a433d7afc1314506459352e0d2e6e266adaaa7e7f0338
Opcode Fuzzy Hash: 55b505f00f643f4b07a49b7a0203a743e1d66ec772f2415d1c59bb64ed21dc11
Instruction Fuzzy Hash: 75E1AA71201B8186EB729F12E9947ED63A4FB4CBC4F46483AEF4A07AB5EB78C545C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007E0B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 000000014007E0FC
SendMessageW.USER32 ref: 000000014007E129
SelectObject.GDI32 ref: 000000014007F7A8
ReleaseDC.USER32 ref: 000000014007F7BA

Strings

Button, xrefs: 000000014007E0B7
Can't create control., xrefs: 000000014007F817

Memory Dump Source

Source File: 00000003.00000002.2844711127.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000003.00000002.2844699445.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844797434.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844810451.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844821911.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844833316.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844844753.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844856077.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844867461.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844879776.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CreateMessageObjectReleaseSelectSendWindow
String ID: Button$Can't create control.
API String ID: 464545779-3367292703
Opcode ID: 891497140b1780c56a72102a3e7454dda2d1eb53daf1dc48c71fd13769d36083
Instruction ID: 391c2e39b5b3f9af42ccf435a296449173c414d0a8ee3cede1d0666bf4b782bb
Opcode Fuzzy Hash: 891497140b1780c56a72102a3e7454dda2d1eb53daf1dc48c71fd13769d36083
Instruction Fuzzy Hash: DD312736205B8086EB62CF26E4907A977A5F78CBD4F14401AEF8957B78DB38C580DB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005A010 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014005A087
PeekMessageW.USER32 ref: 000000014005A0B8
GetTickCount.KERNEL32 ref: 000000014005A0CF
GetTickCount.KERNEL32 ref: 000000014005A145

Memory Dump Source

Source File: 00000003.00000002.2844711127.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000003.00000002.2844699445.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844763181.00000001400FB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844797434.000000014011C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844810451.000000014011D000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844821911.000000014011F000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844833316.0000000140120000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844844753.0000000140121000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844856077.0000000140122000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844867461.0000000140123000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2844879776.000000014012A000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_140000000_AutoHotkeyUX.jbxd

Similarity

API ID: CountTick$MessagePeek
String ID:
API String ID: 4145102785-0
Opcode ID: f2a7d29b70befd35a0dd0eb8794bd4a0c4204ecdc39ff761e175921a1e1b1d41
Instruction ID: 438df62315db4ed99b0bd879fad8fb29dcaaaeeab9f01469f8c50d10f724a5d2
Opcode Fuzzy Hash: f2a7d29b70befd35a0dd0eb8794bd4a0c4204ecdc39ff761e175921a1e1b1d41
Instruction Fuzzy Hash: B551E172601A84CAF762CF26E8447EA37A1F74DB98F548215EB59432F5DB3EC885C700

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AutoHotkey_2.0.12_setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico

Windows Analysis Report
AutoHotkey_2.0.12_setup.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre