Windows Analysis Report
IMG_3552.mp4

Overview

General Information

Sample name: IMG_3552.mp4
(renamed file extension from heic to mp4)
Original sample name: IMG_3552.heic
Analysis ID: 1541546
MD5: 9717a09d40bc1178aaf2841d68fb03a8
SHA1: e0ad4a4582e00f335cd02ae62efd3267ebcb4d0f
SHA256: 03f0d2cc8723bdadbcd41c081fa77018351cb12402b362ce4d7a93cd6049a909
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49810 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.107.246.45 13.107.246.45
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /PlayReady/ACT/Activation.asmx?WSDL&Client=Win10&LinkId=613387 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-PlayReady-DRM/1.0Host: activation2.playready.microsoft.com
Source: global traffic DNS traffic detected: DNS query: settings-ssl.xboxlive.com
Source: global traffic DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: unknown HTTP traffic detected: POST /PlayReady/ACT/Activation.asmx HTTP/1.1Connection: Keep-AliveContent-Type: text/xml; charset=utf-8Accept: */*User-Agent: Microsoft-PlayReady-DRM/1.0x-playready-info: OSVersion=10.0; ClientDllVersion=Windows.Media.Protection.PlayReady.dll/10.0.19041.2006 (WinBuild.160101.0800); Session=bd658ae49cf14753f24fddb21ec89b52; StoreAppID=Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo; X-XblCorrelationId: 4984944002049569559SOAPAction: "http://schemas.microsoft.com/PlayReady/ActivationService/v1/Activate"Content-Length: 3580Host: activation2.playready.microsoft.com
Source: Video.UI.exe, 00000002.00000003.1491455850.00000199C225B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl
Source: Video.UI.exe, 00000002.00000003.1491455850.00000199C225B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d
Source: Video.UI.exe, 00000002.00000002.2615025287.00000199B2E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema
Source: Video.UI.exe, 00000002.00000003.1432395075.00000199BFD29000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000003.1471339907.00000199BFD36000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000003.1454818870.00000199BFD29000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000003.1390509504.00000199BFD25000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000003.1376869013.00000199BFC02000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000003.1376428177.00000199BFA02000.00000004.00000020.00020000.00000000.sdmp, IMG_3552.mp4 String found in binary or memory: http://ns.apple.com/HDRGainMap/1.0/
Source: Video.UI.exe, 00000002.00000002.2625294288.00000199BFD33000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.apple.com/HDRGainMap0X
Source: Video.UI.exe, 00000002.00000003.1491686223.00000199BFF13000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000002.2627521311.00000199C220A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: Video.UI.exe, 00000002.00000002.2622827877.00000199BF0CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: Video.UI.exe, 00000002.00000002.2618016553.00000199B92A6000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000002.2618255369.00000199B93A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: Video.UI.exe, 00000002.00000002.2618255369.00000199B93A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: Video.UI.exe, 00000002.00000002.2622706013.00000199BF05D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local
Source: Video.UI.exe, 00000002.00000002.2622706013.00000199BF05D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local//
Source: Video.UI.exe, 00000002.00000002.2618016553.00000199B92A6000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000002.2622102588.00000199BEF38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net
Source: Video.UI.exe, 00000002.00000002.2622102588.00000199BEF38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net/
Source: Video.UI.exe, 00000002.00000003.1999829201.00000199BF1A3000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000002.2623143142.00000199BF1AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/
Source: Video.UI.exe, 00000002.00000003.1999829201.00000199BF1A3000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000002.00000002.2623143142.00000199BF1AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/.xml
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xml
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xml4
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xmle
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xmlte
Source: Video.UI.exe, 00000002.00000002.2622102588.00000199BEF38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com
Source: Video.UI.exe, 00000002.00000002.2622102588.00000199BEF38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:49810 version: TLS 1.2
Detected potential crypto function
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199BF9A35D3 2_2_00000199BF9A35D3
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199BF9AA352 2_2_00000199BF9AA352
Source: classification engine Classification label: clean3.winMP4@1/15@2/1
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\ Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: sharedui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: concrt140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: concrt140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: esent.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.system.profile.retailinfo.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.ui.xaml.phone.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.devices.enumeration.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wuceffects.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.playback.mediaplayer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.mediacontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmediaengine.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.devices.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.playback.proxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: devdispitemprovider.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.web.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ddores.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: defaultdevicemanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: comppkgsup.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmp4srcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: appcontracts.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: usermgrproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cdprt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cdp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msamrnbsource.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfasfsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfds.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msflacdecoder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmpeg2srcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfmkvsrcsnk.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfnetsrc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfnetcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.media.protection.playready.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wpnapps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.networking.backgroundtransfer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: systemeventsbrokerclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.lockscreen.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: wincorlib.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: lockappbroker.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.security.authentication.web.core.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: microsoftaccountwamextension.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mfsvr.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: windows.applicationmodel.background.timebroker.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: biwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: webio.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: gnsdk_fp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: mf.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 Jump to behavior
Source: IMG_3552.mp4 Static file information: File size 3119675 > 1048576
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199BF9A2309 push ebp; iretd 2_2_00000199BF9A230A
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199BF9AA943 push esp; retf 2_2_00000199BF9AA946
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199BF9A2373 push ebp; iretd 2_2_00000199BF9A2374
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199C21567C9 push ebp; iretd 2_2_00000199C21567CA
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199C21540E0 push BA000002h; iretd 2_2_00000199C21540E5
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199C2154E09 push ebp; iretd 2_2_00000199C2154E0A
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199C2156833 push ebp; iretd 2_2_00000199C2156834
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Code function: 2_2_00000199C2154E73 push ebp; iretd 2_2_00000199C2154E74
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Queries disk information (often used to detect virtual machines)
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe File opened: PhysicalDrive0 Jump to behavior
Source: Video.UI.exe, 00000002.00000002.2624460310.00000199BFB2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Video.UI.exe, 00000002.00000002.2622939968.00000199BF145000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe;C:\Windows\SYSTEM32C:\Program Files\WindowsApps\Microsoft.Hyper-V RAW.19071.19011.0_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe;
Source: Video.UI.exe, 00000002.00000002.2624460310.00000199BFB2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541546 Sample: IMG_3552.heic Startdate: 25/10/2024 Architecture: WINDOWS Score: 3 8 shed.dual-low.s-part-0017.t-0009.t-msedge.net 2->8 10 settings-ssl.xboxlive.com 2->10 12 3 other IPs or domains 2->12 5 Video.UI.exe 39 38 2->5         started        process3 dnsIp4 14 s-part-0017.t-0009.t-msedge.net 13.107.246.45, 443, 49800, 49810 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 5->14
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.45
 s-part-0017.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false

Contacted Domains

Name IP Active
s-part-0036.t-0009.t-msedge.net 13.107.246.64 true
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true
settings-ssl.xboxlive.com unknown unknown
18.31.95.13.in-addr.arpa unknown unknown