File name: AutoHotkey_2.0.18_setup.zip

Full analysis: https://app.any.run/tasks/5df38bc5-b142-491f-8163-1cbfa02f6707
Verdict: Malicious activity
Analysis date: December 08, 2024, 15:57:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec, arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: C0EDD9223FD871071ED4E49A1D619B82
SHA1: ACAB6EC20E53AE5F8CE01F7D2AE3FA4BF5424EF1
SHA256: 75E04FF1998F8401A284A1B95A2B91014932AFC2DDB34F685E36B40BF325A3E1
SSDEEP: 98304:SR5z0An0aCLx6HPdrB6gJgSYyg4mmRsPtkMNWuZtPAERitiqTtbxsAij9NTqnipA:SCB+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 4204)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
      • WinRAR.exe (PID: 4204)
      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkeyUX.exe (PID: 4684)
    • Creates a software uninstall entry

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
    • Adds/modifies Windows certificates

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
    • Checks Windows Trust Settings

      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 4684)
    • Application launched itself

      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
    • Reads the date of Windows installation

      • AutoHotkeyUX.exe (PID: 7124)
    • Executable content was dropped or overwritten

      • AutoHotkeyUX.exe (PID: 4684)
      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
  • INFO

    • Creates files in the program directory

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
      • AutoHotkeyUX.exe (PID: 4684)
    • Reads the software policy settings

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 4684)
    • Reads the machine GUID from the registry

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 4684)
    • Creates files or folders in the user directory

      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
      • AutoHotkeyUX.exe (PID: 7060)
    • Reads the computer name

      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
      • AutoHotkeyUX.exe (PID: 6876)
      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkeyUX.exe (PID: 4684)
      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4204)
    • The process uses the downloaded file

      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
      • WinRAR.exe (PID: 4204)
      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkeyUX.exe (PID: 4684)
      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
    • Checks supported languages

      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
      • AutoHotkeyUX.exe (PID: 6840)
      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 6876)
      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkeyUX.exe (PID: 4684)
      • AutoHotkeyUX.exe (PID: 6284)
      • AutoHotkeyU64.exe (PID: 4716)
      • AutoHotkey_2.0.18_setup.exe (PID: 6748)
    • Manual execution by a user

      • AutoHotkeyUX.exe (PID: 6876)
    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 4204)
    • Checks proxy server information

      • AutoHotkeyUX.exe (PID: 7060)
      • AutoHotkeyUX.exe (PID: 4684)
    • Process checks computer location settings

      • AutoHotkeyUX.exe (PID: 7124)
      • AutoHotkey_2.0.18_setup.exe (PID: 6404)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0008
ZipCompression: Deflated
ZipModifyDate: 2024:12:08 16:56:44
ZipCRC: 0x95336cb0
ZipCompressedSize: 2996766
ZipUncompressedSize: 3017216
ZipFileName: AutoHotkey_2.0.18_setup.exe
No data.
Total processes: 139
Monitored processes: 10
Malicious processes: 1
Suspicious processes: 3

Behavior graph

start winrar.exe autohotkey_2.0.18_setup.exe no specs autohotkey_2.0.18_setup.exe autohotkeyux.exe no specs autohotkeyux.exe no specs autohotkeyux.exe autohotkeyux.exe no specs autohotkeyux.exe autohotkeyux.exe no specs autohotkeyu64.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 4204
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\AutoHotkey_2.0.18_setup.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4684
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" /force /script "C:\Program Files\AutoHotkey\UX\install-version.ahk" 1.1.37.02 /Y
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: AutoHotkeyUX.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: HIGH
Description: AutoHotkey 64-bit
Exit code: 0
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4716
CMD: "C:\Program Files\AutoHotkey\v1.1.37.02\AutoHotkeyU64.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa4204.29460\ag.ahk"
Path: C:\Program Files\AutoHotkey\v1.1.37.02\AutoHotkeyU64.exe
Parent process: AutoHotkeyUX.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: MEDIUM
Description: AutoHotkey Unicode 64-bit
Version: 1.1.37.02
Modules
Images
c:\program files\autohotkey\v1.1.37.02\autohotkeyu64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 6284
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\launcher.ahk" "C:\Users\admin\AppData\Local\Temp\Rar$DIa4204.29460\ag.ahk"
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: WinRAR.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: MEDIUM
Description: AutoHotkey 64-bit
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\wsock32.dll
PID: 6404
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\AutoHotkey_2.0.18_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\AutoHotkey_2.0.18_setup.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: AutoHotkey installer
Exit code: 0
Version: 2.0.18
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4204.27508\autohotkey_2.0.18_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 6748
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\AutoHotkey_2.0.18_setup.exe" /to "C:\Program Files\AutoHotkey"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\AutoHotkey_2.0.18_setup.exe
Parent process: AutoHotkey_2.0.18_setup.exe
User: admin
Integrity Level: HIGH
Description: AutoHotkey installer
Exit code: 0
Version: 2.0.18
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4204.27508\autohotkey_2.0.18_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6840
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: AutoHotkey_2.0.18_setup.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: HIGH
Description: AutoHotkey 64-bit
Exit code: 0
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
PID: 6876
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: explorer.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: MEDIUM
Description: AutoHotkey 64-bit
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\user32.dll
PID: 7060
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\launcher.ahk" "C:\Users\admin\AppData\Local\Temp\Rar$DIa4204.28464\ag.ahk"
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: WinRAR.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: MEDIUM
Description: AutoHotkey 64-bit
Exit code: 2
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\wsock32.dll
PID: 7124
CMD: "C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" /script "C:\Program Files\AutoHotkey\UX\install-version.ahk" "1.1.37.02"
Path: C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
Parent process: AutoHotkeyUX.exe
User: admin
Company: AutoHotkey Foundation LLC
Integrity Level: MEDIUM
Description: AutoHotkey 64-bit
Exit code: 0
Version: 2.0.18
Modules
Images
c:\program files\autohotkey\ux\autohotkeyux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events: 20 317
Read events: 20 267
Write events: 43
Delete events: 7

Modification events

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\AutoHotkey_2.0.18_setup.zip

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4204) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6748) AutoHotkey_2.0.18_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation: delete value
Name: D88254DA46ADDA6FDBCB11A37A3D5904C6A1D64B
Value:

(PID) Process: (6748) AutoHotkey_2.0.18_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D88254DA46ADDA6FDBCB11A37A3D5904C6A1D64B
Operation: write
Name: Blob
Value:
Executable files: 35
Suspicious files: 13
Text files: 71
Unknown types: 0

Dropped files

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey64.exe
Type: executable
MD5: D0CC6A21113957474E095FCA77D75ABD
SHA256: 70031669FEF8C365A243322C52DF9C3F854271489E67C5A9FC3139F56BC357E9

PID: 4204
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\ag.ahk
Type: text
MD5: DCA80628B7D8A425B2FCF9DE46282277
SHA256: 4BE0F7C172A715A118776BFDADCD707C3F2BC906295396D6563B6D00B75ACB9D

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\Install.cmd
Type: text
MD5: 4CFB569D3628B7E14E729DE9956CC24B
SHA256: DB2578B4EE5617F45ACFFB3AF21E1D3FC31CDCF035DD9227C8061A950AA015E7

PID: 4204
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4204.27508\AutoHotkey_2.0.18_setup.exe
Type: executable
MD5: 71E486A03AB282B75886E3712EBB1EFA
SHA256: A30AF310F45D4076CF1580BB08015DB9A1337DDC1A99CF61829E645B196E8B2E

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey32.exe
Type: executable
MD5: 79DF35982C6D7DE66155A01505C00BF1
SHA256: FE0B57163BCF3D4542D902570B48665523D9293090496F990BB76ED421173F3C

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install-version.ahk
Type: text
MD5: 30B87FBFADC592C38BE9D82EDF597FA3
SHA256: 1E59921BCDDB3C41651EB01605CDEFCDEE3C6ADEC5DB6B7CAFB7AB801EAD5E1E

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\AutoHotkey.chm
Type: chm
MD5: 5836544D903111B9F15F3007ECF24E75
SHA256: E18DBC5445FCD079FDBB189BA53C48CCFF8FB8723FCA39C353E9C99FDEE38B85

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\install-ahk2exe.ahk
Type: text
MD5: C90BED0679B789B74E4865AE6F2709A3
SHA256: C242EBB51241ACAB13152D95CDB05BE5382FFB97F3DCA2DA3A4E5A084C2E3FF4

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\UX\reload-v1.ahk
Type: text
MD5: 35F4753A58432446B99BF89A9E930BF5
SHA256: E4659306A755B583E9CEF5FDBA3B3EB102D8939FB028AFD91AAD4496E758FAD5

PID: 6748
Process: AutoHotkey_2.0.18_setup.exe
Filename: C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.18_setup.exe\license.txt
Type: text
MD5: E3F2AD7733F3166FE770E4DC00AF6C45
SHA256: B27C1A7C92686E47F8740850AD24877A50BE23FD3DBD44EDEE50AC1223135E38
HTTP(S) requests: 9
TCP/UDP connections: 37
DNS requests: 20
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7060
AutoHotkeyUX.exe
GET
200
142.250.186.99:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
3608
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6532
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6532
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7060
AutoHotkeyUX.exe
GET
200
142.250.186.99:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
444 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 92.123.104.25:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 23.48.23.147:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 51.104.136.2
whitelisted
www.bing.com
  • 92.123.104.25
  • 92.123.104.23
  • 92.123.104.29
  • 92.123.104.22
  • 92.123.104.26
  • 92.123.104.27
  • 92.123.104.30
  • 92.123.104.21
  • 92.123.104.24
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.143
whitelisted
google.com
  • 216.58.212.174
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.138
  • 40.126.32.68
  • 40.126.32.133
  • 40.126.32.140
  • 20.190.160.17
  • 40.126.32.136
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
www.autohotkey.com
  • 172.67.159.204
  • 104.21.89.135
whitelisted
c.pki.goog
  • 142.250.186.99
whitelisted

Threats

No threats detected
No debug info