File name:

AutoHotkey_2.0.19_setup.exe

Full analysis: https://app.any.run/tasks/2b059922-c111-4e5c-97d0-73dd8e68a0fb
Verdict: Malicious activity
Analysis date: March 13, 2025, 18:20:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

34979CF8AB65E09D738FD6B95365CEFB

SHA1:

0AFD36786EEB45BBE7DB1CF2A6D2251C10DA303C

SHA256:

FD55129CBD356F49D2151E0A8B9662D90D2DBBB9579CC2410FDE38DF94787A3A

SSDEEP:

98304:/Rv3DwxUAtz2eVhxkk/7wIvycwI0mm/H7Krd6dV9zXv8E2d4J1KD3B+yfaXDFcd2:WmxZCp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Application launched itself

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)
      • AutoHotkey32.exe (PID: 8872)

    • Reads security settings of Internet Explorer

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)

    • Creates a software uninstall entry

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • Executable content was dropped or overwritten

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • Adds/modifies Windows certificates

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • Starts application with an unusual extension

      • cmd.exe (PID: 9096)

  • INFO

    • Checks supported languages

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)
      • AutoHotkey_2.0.19_setup.exe (PID: 4688)
      • AutoHotkeyUX.exe (PID: 5344)

    • The sample compiled with english language support

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)
      • AutoHotkey_2.0.19_setup.exe (PID: 4688)
      • WinRAR.exe (PID: 8464)

    • Process checks computer location settings

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)

    • Reads the computer name

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)
      • AutoHotkey_2.0.19_setup.exe (PID: 3332)

    • Creates files in the program directory

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • AutoHotkey executable

      • AutoHotkey_2.0.19_setup.exe (PID: 3332)
      • AutoHotkey_2.0.19_setup.exe (PID: 4688)
      • cmd.exe (PID: 9096)
      • AutoHotkey32.exe (PID: 8872)

    • Creates files or folders in the user directory

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)
      • BackgroundTransferHost.exe (PID: 1072)

    • Reads the machine GUID from the registry

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • Reads the software policy settings

      • AutoHotkey_2.0.19_setup.exe (PID: 4688)

    • Manual execution by a user

      • AutoHotkeyUX.exe (PID: 4268)
      • msedge.exe (PID: 6620)
      • cmd.exe (PID: 9096)
      • WinRAR.exe (PID: 8464)

    • The sample compiled with swedish language support

      • WinRAR.exe (PID: 8464)

    • Application launched itself

      • msedge.exe (PID: 6620)
      • msedge.exe (PID: 8984)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 8464)

    • The sample compiled with turkish language support

      • WinRAR.exe (PID: 8464)

    • The sample compiled with chinese language support

      • WinRAR.exe (PID: 8464)

    • Changes the display of characters in the console

      • cmd.exe (PID: 9096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.2)
.dll | Win32 Dynamic Link Library (generic) (15.6)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:01:25 08:00:28+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 2994176
InitializedDataSize: 40960
UninitializedDataSize: 2527232
EntryPoint: 0x544000
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.19.0
ProductVersionNumber: 2.0.19.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: AutoHotkey installer
FileVersion: 2.0.19
ProductName: AutoHotkey Setup
ProductVersion: 2.0.19
InternalName: AutoHotkey Setup
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
231
Monitored processes
91
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start autohotkey_2.0.19_setup.exe no specs sppextcomobj.exe no specs slui.exe autohotkey_2.0.19_setup.exe autohotkeyux.exe no specs backgroundtransferhost.exe no specs autohotkeyux.exe no specs backgroundtransferhost.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs winrar.exe slui.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs autohotkey32.exe autohotkey32.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs autohotkey64.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs shellexperiencehost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
472"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6356 --field-trial-handle=2428,i,2877398148589253857,14848013267785119236,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
472"C:\Users\admin\Downloads\Natro Macro v1.0.0.3\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *C:\Users\admin\Downloads\Natro Macro v1.0.0.3\submacros\AutoHotkey64.exeAutoHotkey32.exe
User:
admin
Company:
AutoHotkey Foundation LLC
Integrity Level:
MEDIUM
Description:
AutoHotkey 64-bit
Exit code:
0
Version:
2.0.12
Modules
Images
c:\users\admin\downloads\natro macro v1.0.0.3\submacros\autohotkey64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1072"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
1512"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7700 --field-trial-handle=2428,i,2877398148589253857,14848013267785119236,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1812"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffc89b95fd8,0x7ffc89b95fe4,0x7ffc89b95ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2064"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7240 --field-trial-handle=2428,i,2877398148589253857,14848013267785119236,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2568"C:\Users\admin\Downloads\Natro Macro v1.0.0.3\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *C:\Users\admin\Downloads\Natro Macro v1.0.0.3\submacros\AutoHotkey64.exeAutoHotkey32.exe
User:
admin
Company:
AutoHotkey Foundation LLC
Integrity Level:
MEDIUM
Description:
AutoHotkey 64-bit
Exit code:
0
Version:
2.0.12
Modules
Images
c:\users\admin\downloads\natro macro v1.0.0.3\submacros\autohotkey64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2596"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5300 --field-trial-handle=2344,i,6688659383631737167,10511335843856054039,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3332"C:\Users\admin\Desktop\AutoHotkey_2.0.19_setup.exe" C:\Users\admin\Desktop\AutoHotkey_2.0.19_setup.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
AutoHotkey installer
Exit code:
0
Version:
2.0.19
Modules
Images
c:\users\admin\desktop\autohotkey_2.0.19_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3676"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4984 --field-trial-handle=2344,i,6688659383631737167,10511335843856054039,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
20 999
Read events
20 876
Write events
103
Delete events
20

Modification events

(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:DisplayName
Value:
AutoHotkey
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:UninstallString
Value:
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk"
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:QuietUninstallString
Value:
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\install.ahk" /uninstall /silent
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:NoModify
Value:
1
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:DisplayIcon
Value:
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:DisplayVersion
Value:
2.0.19
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:URLInfoAbout
Value:
https://autohotkey.com
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:Publisher
Value:
AutoHotkey Foundation LLC
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
Operation:writeName:InstallLocation
Value:
C:\Program Files\AutoHotkey
(PID) Process:(4688) AutoHotkey_2.0.19_setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\AutoHotkey
Operation:writeName:InstallDir
Value:
C:\Program Files\AutoHotkey
Executable files
82
Suspicious files
773
Text files
606
Unknown types
1

Dropped files

PID
Process
Filename
Type
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\AutoHotkey32.exeexecutable
MD5:564C4E3D2BF76B70A41596FEE7C209EB
SHA256:E0464215B4D096FA0B27CD34D5E6B15DD6EA7F71A9BCE837938A23FD7C8BEB36
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\UX\ui-dash.ahktext
MD5:669BD791C5AAFB60EE0885EF064D3622
SHA256:E8C0B4E149AD58C57E77AAC12041F1FA8BC9F25C6D642D12837EFC5FD97B8D21
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\license.txttext
MD5:E3F2AD7733F3166FE770E4DC00AF6C45
SHA256:B27C1A7C92686E47F8740850AD24877A50BE23FD3DBD44EDEE50AC1223135E38
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\WindowSpy.ahktext
MD5:1B081984B7C90528E03E67096F001E5F
SHA256:83E60BA7D330D4FAA32576C0AB223A2440EF92972D3D32DEE46D117E8A446CE9
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\UX\reset-assoc.ahktext
MD5:0299132478B49E3EB706C214BF32E62F
SHA256:D26CAEF44190E0B612C3E4309FF6689DC2953C72CB3DE1C94D002250B089F16B
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\AutoHotkey64.exeexecutable
MD5:38746D44ECA1F41D1F8E16746EB182F5
SHA256:3880F9EC464DFE78C16BBD8B9F30560227154C292280337346A30C8FD92871FE
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\UX\install.ahktext
MD5:A3CAA9963C9133C2A14A4E36D62761E3
SHA256:F628EDFECE15DB0061FDFE96724266A3CFAAEC396524A94B574E22E6E3970C40
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\Install.cmdtext
MD5:4CFB569D3628B7E14E729DE9956CC24B
SHA256:DB2578B4EE5617F45ACFFB3AF21E1D3FC31CDCF035DD9227C8061A950AA015E7
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\AutoHotkey.chmbinary
MD5:57BB054E56EB6FA154F5BCA6AFFA656A
SHA256:33D035BBC23CE61FA83E13DA126D17D3EB48ED210CA59E4F4BAB46F1BE3654C7
4688AutoHotkey_2.0.19_setup.exeC:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.19_setup.exe\UX\install-version.ahktext
MD5:30B87FBFADC592C38BE9D82EDF597FA3
SHA256:1E59921BCDDB3C41651EB01605CDEFCDEE3C6ADEC5DB6B7CAFB7AB801EAD5E1E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
132
DNS requests
130
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.48.23.173:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1072
BackgroundTransferHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
8984
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8984
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8808
svchost.exe
HEAD
200
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1742398940&P2=404&P3=2&P4=a3Yys90sz7mejwh%2bToCN5gJ9zWv1Ncynr3ZzZPQUAybBiu7zNVAH8BsX8v1bV3icV2x3YNFAecD4XjFHS7cD5g%3d%3d
unknown
whitelisted
8808
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1742398940&P2=404&P3=2&P4=a3Yys90sz7mejwh%2bToCN5gJ9zWv1Ncynr3ZzZPQUAybBiu7zNVAH8BsX8v1bV3icV2x3YNFAecD4XjFHS7cD5g%3d%3d
unknown
whitelisted
5200
backgroundTaskHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
8808
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1742398940&P2=404&P3=2&P4=a3Yys90sz7mejwh%2bToCN5gJ9zWv1Ncynr3ZzZPQUAybBiu7zNVAH8BsX8v1bV3icV2x3YNFAecD4XjFHS7cD5g%3d%3d
unknown
whitelisted
8808
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1742398940&P2=404&P3=2&P4=a3Yys90sz7mejwh%2bToCN5gJ9zWv1Ncynr3ZzZPQUAybBiu7zNVAH8BsX8v1bV3icV2x3YNFAecD4XjFHS7cD5g%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
23.48.23.173:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5200
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5200
backgroundTaskHost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
1072
BackgroundTransferHost.exe
2.16.106.200:443
www.bing.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.173
  • 23.48.23.194
  • 23.48.23.177
  • 23.48.23.180
  • 23.48.23.176
  • 23.48.23.143
  • 23.48.23.166
  • 23.48.23.156
whitelisted
google.com
  • 216.58.212.174
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.160.128
  • 20.190.160.2
  • 20.190.160.65
  • 40.126.32.138
  • 20.190.160.64
  • 20.190.160.67
  • 20.190.160.14
  • 20.190.160.132
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 2.16.106.200
  • 2.16.106.196
  • 2.16.106.207
  • 92.123.104.11
  • 92.123.104.22
  • 92.123.104.10
  • 92.123.104.19
  • 92.123.104.14
  • 92.123.104.16
  • 92.123.104.29
  • 92.123.104.12
  • 92.123.104.5
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
ntp.msn.com
  • 204.79.197.203
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
AutoHotkey_2.0.19_setup.exe