Windows Analysis Report
IMG_2879.mp4

Overview

General Information

Sample name: IMG_2879.mp4
(renamed file extension from JPG to mp4)
Original sample name: IMG_2879.JPG
Analysis ID: 1445852
MD5: 2276ca86ca713ad22d76457615e8c727
SHA1: 48e0f4ff39254cb417b032f73cc607d524908878
SHA256: 86dae22df32447e4fe1cce4f6fd20c9d19ea557d8f640e4c974753b5ebd4de97
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

Source: unknown HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.4:49741 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.107.246.67 13.107.246.67
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /PlayReady/ACT/Activation.asmx?WSDL&Client=Win10&LinkId=613387 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-PlayReady-DRM/1.0Host: activation2.playready.microsoft.com
Source: global traffic DNS traffic detected: DNS query: settings-ssl.xboxlive.com
Source: unknown HTTP traffic detected: POST /PlayReady/ACT/Activation.asmx HTTP/1.1Connection: Keep-AliveContent-Type: text/xml; charset=utf-8Accept: */*User-Agent: Microsoft-PlayReady-DRM/1.0x-playready-info: OSVersion=10.0; ClientDllVersion=Windows.Media.Protection.PlayReady.dll/10.0.19041.2006 (WinBuild.160101.0800); Session=fa58d78ad5ed7305c0ed9c15cee9fb11; StoreAppID=Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo; X-XblCorrelationId: 5574449021208076118SOAPAction: "http://schemas.microsoft.com/PlayReady/ActivationService/v1/Activate"Content-Length: 3580Host: activation2.playready.microsoft.com
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.1.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: Video.UI.exe, 00000001.00000003.1778736636.00000265E8A5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl
Source: Video.UI.exe, 00000001.00000003.1778736636.00000265E8A5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d
Source: Video.UI.exe, 00000001.00000002.2910897243.00000265DB22C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema
Source: Video.UI.exe, 00000001.00000002.2926398742.00000265E8E75000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.apple.com/HDRGainMap/1.
Source: Video.UI.exe, 00000001.00000003.1697633187.00000265E8625000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.1742362950.00000265E7DE1000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.1662956529.00000265E8402000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.1663252720.00000265E8502000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.1757950524.00000265E8529000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000002.2911756392.00000265DB3A8000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.1742577616.00000265E8525000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000002.2926398742.00000265E8E55000.00000004.00000020.00020000.00000000.sdmp, IMG_2879.mp4 String found in binary or memory: http://ns.apple.com/HDRGainMap/1.0/
Source: Video.UI.exe, 00000001.00000003.1779015016.00000265E8813000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: Video.UI.exe, 00000001.00000002.2921668578.00000265E7D1D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp82J
Source: Video.UI.exe, 00000001.00000002.2921634310.00000265E7C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: Video.UI.exe, 00000001.00000002.2921634310.00000265E7C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOSWM/MediaClassPrimaryID
Source: Video.UI.exe, 00000001.00000002.2921634310.00000265E7C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: Video.UI.exe, 00000001.00000002.2921634310.00000265E7C95000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local/
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net/
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.netNetscape
Source: Video.UI.exe, 00000001.00000002.2921944106.00000265E7D83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/
Source: Video.UI.exe, 00000001.00000002.2921944106.00000265E7D83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/UP
Source: Video.UI.exe, 00000001.00000002.2921668578.00000265E7CE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xml
Source: Video.UI.exe, 00000001.00000002.2913395537.00000265E1D9B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/.dll
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com
Source: Video.UI.exe, 00000001.00000002.2921919917.00000265E7D62000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272863476.00000265E7D5A000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2272832446.00000265E7D52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com/Enrolment
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: classification engine Classification label: clean3.winMP4@1/17@1/1
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\ Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: sharedui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: concrt140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: esent.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.system.profile.retailinfo.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.phone.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.devices.enumeration.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wuceffects.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.playback.mediaplayer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.mediacontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmediaengine.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.devices.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.playback.proxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: devdispitemprovider.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ddores.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.web.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: defaultdevicemanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: comppkgsup.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmp4srcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: appcontracts.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: usermgrproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cdprt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cdp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msamrnbsource.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfasfsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfds.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msflacdecoder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmpeg2srcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmkvsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfnetsrc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfnetcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.protection.playready.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wpnapps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.networking.backgroundtransfer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: systemeventsbrokerclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.lockscreen.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wincorlib.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: lockappbroker.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: biwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.security.authentication.web.core.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: webio.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfsvr.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.background.timebroker.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: microsoftaccountwamextension.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: gnsdk_fp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mf.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 Jump to behavior
Source: IMG_2879.mp4 Static file information: File size 2585783 > 1048576
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 1_2_00000265E8D033A0 push BA000002h; iretd 1_2_00000265E8D033A5
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 1_2_00000265E8D0234F push ebp; ret 1_2_00000265E8D02350
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Queries disk information (often used to detect virtual machines)
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe File opened: PhysicalDrive0 Jump to behavior
Source: Video.UI.exe, 00000001.00000002.2924149841.00000265E87BD000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000002.2923832335.00000265E8771000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Video.UI.exe, 00000001.00000002.2923471201.00000265E871B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@Pw
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1445852 Sample: IMG_2879.JPG Startdate: 22/05/2024 Architecture: WINDOWS Score: 3 8 shed.dual-low.part-0039.t-0009.t-msedge.net 2->8 10 settings-ssl.xboxlive.com 2->10 12 2 other IPs or domains 2->12 5 Video.UI.exe 39 46 2->5         started        process3 dnsIp4 14 part-0039.t-0009.t-msedge.net 13.107.246.67, 443, 49739, 49741 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 5->14
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.67
 part-0039.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false

Contacted Domains

Name IP Active
part-0039.t-0009.t-msedge.net 13.107.246.67 true
settings-ssl.xboxlive.com unknown unknown