File name:

Steven How Are You.m4a

Full analysis: https://app.any.run/tasks/b555b286-0f83-43ab-bf04-352e3d9ec84f
Verdict: Malicious activity
Analysis date: July 04, 2025, 18:09:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
lua
delphi
inno
installer
Indicators:
MIME: audio/x-m4a
File info: ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
MD5:

24563103A42C580F50E99A0F597F2A07

SHA1:

C476C2F1B8DDFB4454F87CD841EFCBC982075D62

SHA256:

955F7C1F70D8E0E1208692EDC27D4CB6A8ED4CEA8252C97B090DFF92326C20E9

SSDEEP:

98304:1wbHdbaIYLLIYJoJfEsJQMQBcJ4NH2OtzATc5YuEQdK0a7ilj4q4dRdbrynBdzMN:jzyjhub6PWe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 6808)

    • Executable content was dropped or overwritten

      • ATLauncher-setup-1.3.0.0.exe (PID: 6320)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • 7za.exe (PID: 7876)
      • javaw.exe (PID: 1660)

    • Reads the Windows owner or organization settings

      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Process drops legitimate windows executable

      • 7za.exe (PID: 7876)

    • Drops 7-zip archiver for unpacking

      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 6736)

    • The process drops C-runtime libraries

      • 7za.exe (PID: 7876)

    • Uses REG/REGEDIT.EXE to modify registry

      • javaw.exe (PID: 1660)

    • Application launched itself

      • javaw.exe (PID: 1660)

    • The process checks if it is being run in the virtual environment

      • javaw.exe (PID: 1660)

  • INFO

    • Checks supported languages

      • vlc.exe (PID: 6808)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • ATLauncher-setup-1.3.0.0.exe (PID: 6320)
      • ShellExperienceHost.exe (PID: 6736)
      • 7za.exe (PID: 7876)
      • ATLauncher.exe (PID: 5084)
      • javaw.exe (PID: 7708)
      • javaw.exe (PID: 1660)
      • java.exe (PID: 1484)
      • javaw.exe (PID: 7264)
      • javaw.exe (PID: 8380)

    • Reads the computer name

      • vlc.exe (PID: 6808)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • ShellExperienceHost.exe (PID: 6736)
      • 7za.exe (PID: 7876)
      • javaw.exe (PID: 1660)

    • Manual execution by a user

      • firefox.exe (PID: 3572)

    • The process uses Lua

      • vlc.exe (PID: 6808)

    • Application launched itself

      • firefox.exe (PID: 3572)
      • firefox.exe (PID: 7076)

    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 7076)

    • Checks proxy server information

      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • slui.exe (PID: 7336)

    • Reads the software policy settings

      • slui.exe (PID: 7336)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • The sample compiled with english language support

      • firefox.exe (PID: 7076)
      • 7za.exe (PID: 7876)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 7076)

    • Create files in a temporary directory

      • ATLauncher-setup-1.3.0.0.exe (PID: 6320)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • javaw.exe (PID: 7708)
      • javaw.exe (PID: 1660)
      • java.exe (PID: 1484)
      • javaw.exe (PID: 7264)
      • javaw.exe (PID: 8380)

    • Compiled with Borland Delphi (YARA)

      • ATLauncher-setup-1.3.0.0.exe (PID: 6320)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Detects InnoSetup installer (YARA)

      • ATLauncher-setup-1.3.0.0.exe (PID: 6320)
      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Creates a software uninstall entry

      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)

    • Creates files or folders in the user directory

      • ATLauncher-setup-1.3.0.0.tmp (PID: 8060)
      • 7za.exe (PID: 7876)
      • javaw.exe (PID: 1660)

    • Reads CPU info

      • javaw.exe (PID: 7708)
      • javaw.exe (PID: 1660)
      • javaw.exe (PID: 7264)
      • javaw.exe (PID: 8380)

    • Process checks computer location settings

      • javaw.exe (PID: 1660)

    • Reads the machine GUID from the registry

      • javaw.exe (PID: 1660)

    • Creates files in the program directory

      • java.exe (PID: 1484)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.m4a/mp4 | AAC Audio in MP4 container (53.7)
.m4r | iPhone Ringtone (39.3)
.mov | QuickTime Movie (3.1)
.mp4 | Generic MP4 container (1.8)

EXIF

QuickTime

MajorBrand: Apple iTunes AAC-LC (.M4A) Audio
MinorVersion: 0.0.0
CompatibleBrands:
  • M4A
  • mp42
  • isom
MediaDataSize: 7124174
MediaDataOffset: 57344
MovieHeaderVersion: -
CreateDate: 2025:03:01 14:33:53
ModifyDate: 2025:03:01 14:33:53
TimeScale: 44100
Duration: 0:03:43
PreferredRate: 1
PreferredVolume: 100.00%
PreviewTime: 0 s
PreviewDuration: 0 s
PosterTime: 0 s
SelectionTime: 0 s
SelectionDuration: 0 s
CurrentTime: 0 s
NextTrackID: 2
TrackHeaderVersion: -
TrackCreateDate: 2025:03:01 14:33:53
TrackModifyDate: 2025:03:01 14:33:53
TrackID: 1
TrackDuration: 0:03:43
TrackLayer: -
TrackVolume: 100.00%
MatrixStructure: 1 0 0 0 1 0 0 0 1
MediaHeaderVersion: -
MediaCreateDate: 2025:03:01 14:33:53
MediaModifyDate: 2025:03:01 14:33:53
MediaTimeScale: 44100
MediaDuration: 0:03:43
Balance: -
AudioFormat: mp4a
AudioChannels: 2
AudioBitsPerSample: 16
AudioSampleRate: 44100
HandlerType: Metadata
HandlerVendorID: Apple
Artist: APercent
Album: Steven How Are You - Single
ContentCreateDate: 2025
Composer: Steven Malistrat
Title: Mój utwór 22
Encoder: GarageBand for iOS 2.3.17
BeatsPerMinute: 110
iTunSMPB: 0 840 35F 95C461 0 0 0 0 0 0 0 0
CoverArt: (Binary data 161987 bytes, use -b option to extract)

Composite

AvgBitrate: 256 kbps
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
196
Monitored processes
46
Malicious processes
2
Suspicious processes
2

Behavior graph

Click at the process to see the details
start vlc.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs atlauncher-setup-1.3.0.0.exe atlauncher-setup-1.3.0.0.tmp shellexperiencehost.exe no specs systemsettingsbroker.exe no specs 7za.exe conhost.exe no specs atlauncher.exe no specs javaw.exe no specs javaw.exe reg.exe no specs conhost.exe no specs java.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs javaw.exe no specs javaw.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
504"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6536 -prefsLen 40068 -prefMapHandle 6540 -prefMapSize 272997 -jsInitHandle 6552 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6896 -initialChannelId {f461b7e5-a874-488d-bc77-4ea08474506c} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 23 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
684"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2200 -prefsLen 36520 -prefMapHandle 2204 -prefMapSize 272997 -ipcHandle 2212 -initialChannelId {21c5811a-f4d0-49e6-bdf1-fb4e7f8073fb} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
760"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4948 -prefsLen 39068 -prefMapHandle 4952 -prefMapSize 272997 -jsInitHandle 4956 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4752 -initialChannelId {48f074f0-e49f-409c-b33e-902819b9be35} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\cryptbase.dll
1440\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exereg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1484"C:\Program Files\Java\jre1.8.0_271\bin\java.exe" -versionC:\Program Files\Java\jre1.8.0_271\bin\java.exejavaw.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1508"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5716 -prefsLen 39792 -prefMapHandle 4480 -prefMapSize 272997 -jsInitHandle 5364 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5952 -initialChannelId {6406337d-1e78-483d-a15d-0629ffc680a2} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 16 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1652"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3212 -prefsLen 36996 -prefMapHandle 3216 -prefMapSize 272997 -jsInitHandle 3220 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3144 -initialChannelId {a929c8f0-e978-44d4-8075-f137b5ad3369} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
1660"C:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.6.6.jar;lib\jna-platform-5.16.0.jar;lib\jna-5.16.0.jar;lib\gson-2.11.0.jar;lib\guava-33.4.0-jre.jar;lib\xz-1.10.jar;lib\base64-2.3.9.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.17.jar;lib\sentry-8.0.0.jar;lib\gettext-lib-88ae68d897.jar;lib\murmur-1.0.0.jar;lib\jlhttp-3.2.jar;lib\joda-time-2.13.0.jar;lib\commonmark-0.21.0.jar;lib\dbus-java-3.3.2.jar;lib\nekodetector-Version-1.1-pre.jar;lib\imageio-webp-3.12.0.jar;lib\commons-compress-1.27.1.jar;lib\okhttp-tls-4.12.0.jar;lib\apollo-rx3-support-2.5.14.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.12.0.jar;lib\flatlaf-extras-3.5.4.jar;lib\flatlaf-3.5.4.jar;lib\log4j-core-2.24.3.jar;lib\log4j-api-2.24.3.jar;lib\rxswing-a5749ad421.jar;lib\rxjava-3.1.10.jar;lib\error_prone_annotations-2.36.0.jar;lib\failureaccess-1.0.2.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.43.0.jar;lib\j2objc-annotations-3.0.0.jar;lib\slf4j-api-2.0.16.jar;lib\antlr4-runtime-4.7.3.jar;lib\jnr-unixsocket-0.38.17.jar;lib\jnr-enxio-0.32.13.jar;lib\jnr-posix-3.1.15.jar;lib\jnr-ffi-2.2.11.jar;lib\asm-commons-9.2.jar;lib\asm-util-9.2.jar;lib\asm-analysis-9.2.jar;lib\asm-tree-9.5.jar;lib\asm-9.5.jar;lib\imageio-metadata-3.12.0.jar;lib\imageio-core-3.12.0.jar;lib\common-image-3.12.0.jar;lib\common-io-3.12.0.jar;lib\common-lang-3.12.0.jar;lib\commons-codec-1.17.1.jar;lib\commons-io-2.16.1.jar;lib\commons-lang3-3.16.0.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-3.6.0.jar;lib\kotlin-stdlib-jdk8-1.9.10.jar;lib\jsvg-1.4.0.jar;lib\reactive-streams-1.0.4.jar;lib\jnr-constants-0.10.3.jar;lib\kotlin-stdlib-jdk7-1.9.10.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.9.10.jar;lib\jffi-1.3.9.jar;lib\jffi-1.3.9-native.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar;lib\kotlin-stdlib-common-1.9.10.jar;lib\annotations-13.0.jar" com.atlauncher.AppC:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
ATLauncher.exe
User:
admin
Company:
Eclipse Adoptium
Integrity Level:
MEDIUM
Description:
OpenJDK Platform binary
Version:
17.0.9.0
Modules
Images
c:\users\admin\appdata\roaming\atlauncher\jre\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\vcruntime140.dll
c:\users\admin\appdata\roaming\atlauncher\jre\bin\jli.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
1712"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6344 -prefsLen 40068 -prefMapHandle 5636 -prefMapSize 272997 -jsInitHandle 6316 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6432 -initialChannelId {1cbcfaa0-c98f-4464-908e-07583eb3d4f1} -parentPid 7076 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7076" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 24 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
2200C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
Total events
32 810
Read events
32 770
Write events
40
Delete events
0

Modification events

(PID) Process:(7076) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(7076) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(6736) ShellExperienceHost.exeKey:\REGISTRY\A\{1671da29-f912-3642-2886-905c31484682}\LocalState
Operation:writeName:placeholderLayout
Value:
7B0022004900730052006500730069007A00610062006C00650022003A0074007200750065002C002200470072006F0075007000730022003A005B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0031002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022002C0022005400690074006C00650022003A0022004E006500740077006F0072006B0022002C002200490063006F006E0022003A00220077EE22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022002C0022005400690074006C00650022003A00220041006C006C002000730065007400740069006E006700730022002C002200490063006F006E0022003A00220013E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022002C0022005400690074006C00650022003A0022004C006F0063006100740069006F006E0022002C002200490063006F006E0022003A00220007E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022002C0022005400690074006C00650022003A00220046006F00630075007300200061007300730069007300740022002C002200490063006F006E0022003A00220008E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022002C0022005400690074006C00650022003A0022004E00690067006800740020006C00690067006800740022002C002200490063006F006E0022003A0022008CF022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022002C0022005400690074006C00650022003A002200560050004E0022002C002200490063006F006E0022003A00220005E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022002C0022005400690074006C00650022003A002200500072006F006A0065006300740022002C002200490063006F006E0022003A002200C6EB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022002C0022005400690074006C00650022003A00220043006F006E006E0065006300740022002C002200490063006F006E0022003A002200DEEB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022002C0022005400690074006C00650022003A002200530063007200650065006E00200073006E006900700022002C002200490063006F006E0022003A00220006F422002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220053006C006900640065007200470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0031002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D005D007D0000000CC0A45B0FEDDB01
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\default$windows.data.controlcenter.uistate\windows.data.controlcenter.uistate
Operation:writeName:Data
Value:
434201000A0201002A06CFB3A0C3062A2B0EFD2A43420100D20AD4085B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006100740074006500720079005300610076006500720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C007500650074006F006F007400680022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005400610062006C00650074004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0052006F0074006100740069006F006E004C006F0063006B0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006C006F007200500072006F00660069006C00650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00430065006C006C0075006C006100720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004D006F00620069006C00650048006F007400730070006F00740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006900720070006C0061006E0065004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004E006500610072005300680061007200650022007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004200720069006700680074006E0065007300730022007D005D007D005D00D214E40C7B0022004900730052006500730069007A00610062006C00650022003A0074007200750065002C002200470072006F0075007000730022003A005B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0031002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022002C0022005400690074006C00650022003A0022004E006500740077006F0072006B0022002C002200490063006F006E0022003A00220077EE22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022002C0022005400690074006C00650022003A00220041006C006C002000730065007400740069006E006700730022002C002200490063006F006E0022003A00220013E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022002C0022005400690074006C00650022003A0022004C006F0063006100740069006F006E0022002C002200490063006F006E0022003A00220007E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022002C0022005400690074006C00650022003A00220046006F00630075007300200061007300730069007300740022002C002200490063006F006E0022003A00220008E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022002C0022005400690074006C00650022003A0022004E00690067006800740020006C00690067006800740022002C002200490063006F006E0022003A0022008CF022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022002C0022005400690074006C00650022003A002200560050004E0022002C002200490063006F006E0022003A00220005E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022002C0022005400690074006C00650022003A002200500072006F006A0065006300740022002C002200490063006F006E0022003A002200C6EB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022002C0022005400690074006C00650022003A00220043006F006E006E0065006300740022002C002200490063006F006E0022003A002200DEEB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022002C0022005400690074006C00650022003A002200530063007200650065006E00200073006E006900700022002C002200490063006F006E0022003A00220006F422002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220053006C006900640065007200470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0031002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D005D007D0000000000
(PID) Process:(6736) ShellExperienceHost.exeKey:\REGISTRY\A\{1671da29-f912-3642-2886-905c31484682}\LocalState
Operation:writeName:layout
Value:
5B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006100740074006500720079005300610076006500720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C007500650074006F006F007400680022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005400610062006C00650074004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0052006F0074006100740069006F006E004C006F0063006B0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006C006F007200500072006F00660069006C00650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00430065006C006C0075006C006100720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004D006F00620069006C00650048006F007400730070006F00740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006900720070006C0061006E0065004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004E006500610072005300680061007200650022007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004200720069006700680074006E0065007300730022007D005D007D005D0000007B38A45B0FEDDB01
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\default$windows.data.controlcenter.uistate\windows.data.controlcenter.uistate
Operation:writeName:Data
Value:
434201000A0201002A06D0B3A0C3062A2B0EFD2A43420100D20AD4085B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006100740074006500720079005300610076006500720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C007500650074006F006F007400680022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005400610062006C00650074004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0052006F0074006100740069006F006E004C006F0063006B0022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006C006F007200500072006F00660069006C00650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00430065006C006C0075006C006100720022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004D006F00620069006C00650048006F007400730070006F00740022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006900720070006C0061006E0065004D006F006400650022007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004E006500610072005300680061007200650022007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004200720069006700680074006E0065007300730022007D005D007D005D00D214E40C7B0022004900730052006500730069007A00610062006C00650022003A0074007200750065002C002200470072006F0075007000730022003A005B007B0022004E0061006D00650022003A00220054006F00670067006C006500730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0031002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041007600610069006C00610062006C0065004E006500740077006F0072006B00730022002C0022005400690074006C00650022003A0022004E006500740077006F0072006B0022002C002200490063006F006E0022003A00220077EE22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0041006C006C00530065007400740069006E006700730022002C0022005400690074006C00650022003A00220041006C006C002000730065007400740069006E006700730022002C002200490063006F006E0022003A00220013E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E004C006F0063006100740069006F006E0022002C0022005400690074006C00650022003A0022004C006F0063006100740069006F006E0022002C002200490063006F006E0022003A00220007E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E005100750069006500740048006F0075007200730022002C0022005400690074006C00650022003A00220046006F00630075007300200061007300730069007300740022002C002200490063006F006E0022003A00220008E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0042006C00750065004C00690067006800740052006500640075006300740069006F006E0022002C0022005400690074006C00650022003A0022004E00690067006800740020006C00690067006800740022002C002200490063006F006E0022003A0022008CF022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0030007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00560070006E0022002C0022005400690074006C00650022003A002200560050004E0022002C002200490063006F006E0022003A00220005E722002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00500072006F006A0065006300740022002C0022005400690074006C00650022003A002200500072006F006A0065006300740022002C002200490063006F006E0022003A002200C6EB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E0043006F006E006E0065006300740022002C0022005400690074006C00650022003A00220043006F006E006E0065006300740022002C002200490063006F006E0022003A002200DEEB22002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D002C007B00220046007200690065006E0064006C0079004E0061006D00650022003A0022004D006900630072006F0073006F00660074002E0051007500690063006B0041006300740069006F006E002E00530063007200650065006E0043006C0069007000700069006E00670022002C0022005400690074006C00650022003A002200530063007200650065006E00200073006E006900700022002C002200490063006F006E0022003A00220006F422002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220051007500690063006B0054006F00670067006C006500540065006D0070006C006100740065004400650073006B0074006F00700022002C002200540079007000650022003A0031007D005D007D002C007B0022004E0061006D00650022003A00220046006C006F007700730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220047007200690064005600690065007700470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0034002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D002C007B0022004E0061006D00650022003A00220053006C006900640065007200730022002C00220043007500730074006F006D00540065006D0070006C006100740065004B006500790022003A00220053006C006900640065007200470072006F0075007000540065006D0070006C0061007400650043006F006D00700061006300740022002C0022004D0069006E0052006F007700730022003A0030002C00220052006F0077005700690064007400680022003A0031002C00220051007500690063006B0041006300740069006F006E00730022003A005B005D007D005D007D0000000000
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\Control Panel\Quick Actions\Control Center\QuickActionsStateCapture
Operation:writeName:GroupCount
Value:
3
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\Control Panel\Quick Actions\Control Center\QuickActionsStateCapture
Operation:writeName:Toggles
Value:
Toggles,Microsoft.QuickAction.AvailableNetworks:false,Microsoft.QuickAction.AllSettings:false,Microsoft.QuickAction.Location:false,Microsoft.QuickAction.QuietHours:false,Microsoft.QuickAction.BlueLightReduction:false,Microsoft.QuickAction.Vpn:false,Microsoft.QuickAction.Project:false,Microsoft.QuickAction.Connect:false,Microsoft.QuickAction.ScreenClipping:false
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\Control Panel\Quick Actions\Control Center\QuickActionsStateCapture
Operation:writeName:Flows
Value:
Flows
(PID) Process:(6736) ShellExperienceHost.exeKey:HKEY_CURRENT_USER\Control Panel\Quick Actions\Control Center\QuickActionsStateCapture
Operation:writeName:Sliders
Value:
Sliders
Executable files
118
Suspicious files
377
Text files
497
Unknown types
0

Dropped files

PID
Process
Filename
Type
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6808vlc.exeC:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.initext
MD5:ED4DB6DFF8F77989B934CFF7009F0B33
SHA256:531A2BCF722347A197B859D3E7D9E4C4367275D203D7C6A8635B68E4BC7733B7
6808vlc.exeC:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.locktext
MD5:3F2275CF815E587B33BAC3518B54304D
SHA256:C1A2D010FDB6AD69CB50256508FA74698DA17869AD2C9BC663CFDA2082A2348B
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7076firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:3134ED3F12E4F4F8643DB90043B0FD7B
SHA256:26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\bounce-tracking-protection.sqlite-journalbinary
MD5:1F940753E50DC90CF78917E28A474469
SHA256:EFD93472AE82CD6E03067E6C7EF3722BCF8161621D574260380C5647C85698E8
7076firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
60
TCP/UDP connections
247
DNS requests
334
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7076
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
US
binary
281 b
whitelisted
1268
svchost.exe
GET
200
23.48.23.169:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
825 b
whitelisted
1268
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
DE
binary
814 b
whitelisted
2764
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
7076
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
7076
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/azY
US
binary
471 b
whitelisted
7076
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted
7076
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
US
binary
280 b
whitelisted
7484
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
DE
binary
408 b
whitelisted
7076
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
US
binary
281 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3720
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.48.23.169:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2764
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2764
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 172.217.16.206
whitelisted
crl.microsoft.com
  • 23.48.23.169
  • 23.48.23.194
  • 23.48.23.143
  • 23.48.23.156
  • 23.48.23.141
  • 23.48.23.173
  • 23.48.23.177
  • 23.48.23.164
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.0
  • 40.126.31.2
  • 20.190.159.2
  • 40.126.31.0
  • 40.126.31.1
  • 20.190.159.64
  • 20.190.159.129
  • 40.126.31.3
  • 40.126.31.130
  • 20.190.159.128
  • 20.190.159.75
  • 40.126.31.71
  • 20.190.159.130
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
  • 2.23.77.188
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.11
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] An application monitoring request to newrelic .com
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] An application monitoring request to newrelic .com
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] An application monitoring request to newrelic .com
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Process
Message
vlc.exe
main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe
main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe
main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe
main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=x86_64-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=x86_64-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x64/contrib/x86_64-w64-mingw32/lib/pkgconfig'
vlc.exe
main libvlc debug: using multimedia timers as clock source
vlc.exe
main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe
main libvlc debug: searching plug-in modules
vlc.exe
main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe
main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe
main libvlc debug: plug-ins loaded: 494 modules
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Steven How Are You.m4a