Edit tour

Windows Analysis Report
Asana for L&D.mp4

Overview

General Information

Sample name:	Asana for L&D.mp4
Analysis ID:	1525208
MD5:	1df19920d9f0e2fad221b8d104c960e5
SHA1:	d420544bc864849478567d9b6ef6c03c3ca39d2e
SHA256:	723b2b9fd3570fc2b9f879987d6352e066a91f683e6fba5a8fa8ed41030223fd
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64

Video.UI.exe (PID: 7052 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca MD5: FE340ECB1D09B5BAA66DFE25AF11654F)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49722 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 13.107.246.45 13.107.246.45

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /PlayReady/ACT/Activation.asmx?WSDL&Client=Win10&LinkId=613387 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-PlayReady-DRM/1.0Host: activation2.playready.microsoft.com

Source: global traffic

DNS traffic detected: DNS query: settings-ssl.xboxlive.com

Source: unknown

HTTP traffic detected: POST /PlayReady/ACT/Activation.asmx HTTP/1.1Connection: Keep-AliveContent-Type: text/xml; charset=utf-8Accept: */*User-Agent: Microsoft-PlayReady-DRM/1.0x-playready-info: OSVersion=10.0; ClientDllVersion=Windows.Media.Protection.PlayReady.dll/10.0.19041.2006 (WinBuild.160101.0800); Session=957dbe4ff2e8b607995106496f92a94e; StoreAppID=Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo; X-XblCorrelationId: 4686606923178594251SOAPAction: "http://schemas.microsoft.com/PlayReady/ActivationService/v1/Activate"Content-Length: 3580Host: activation2.playready.microsoft.com

Source: Video.UI.exe, 00000001.00000003.2284482564.000001BDE965B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl
Source: Video.UI.exe, 00000001.00000003.2284482564.000001BDE965B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d
Source: Video.UI.exe, 00000001.00000002.3415909213.000001BDD1C2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema
Source: Video.UI.exe, 00000001.00000003.2284876640.000001BDE9413000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: Video.UI.exe, 00000001.00000003.2168665509.000001BDDEC22000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000002.3428470011.000001BDDE83B000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2164458588.000001BDDE802000.00000004.00000020.00020000.00000000.sdmp, Asana for L&D.mp4	String found in binary or memory: http://www.videolan.org/x264.html
Source: Video.UI.exe, 00000001.00000002.3425484528.000001BDDE61B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.local
Source: Video.UI.exe, 00000001.00000002.3425484528.000001BDDE61B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.local/
Source: Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.net
Source: Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.net/
Source: Video.UI.exe, 00000001.00000002.3423719141.000001BDDD9EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://musicimage.xboxlive.comtBeforeRS2ent/v10_video/configuration.xml
Source: Video.UI.exe, 00000001.00000002.3426365192.000001BDDE751000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xml
Source: Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xsts.auth.xboxlive.com
Source: Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xsts.auth.xboxlive.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49722 version: TLS 1.2

Source: classification engine

Classification label: clean2.winMP4@1/15@1/1

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: sharedui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vccorlib140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: concrt140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: concrt140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.system.profile.retailinfo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.networking.connectivity.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfmediauser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.web.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ddores.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: defaultdevicemanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfmp4srcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfsvr.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msauddecmft.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.graphics.display.brightnessoverride.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.graphics.display.displayenhancementoverride.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.media.protection.playready.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.networking.backgroundtransfer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: systemeventsbrokerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.applicationmodel.lockscreen.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: wincorlib.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: lockappbroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.security.authentication.web.core.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: microsoftaccountwamextension.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: windows.applicationmodel.background.timebroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: biwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: gnsdk_fp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Section loaded: mfps.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Asana for L&D.mp4

Static file information: File size 7134564 > 1048576

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

File opened: PhysicalDrive0

Jump to behavior

Source: Video.UI.exe, 00000001.00000002.3420881616.000001BDD83F9000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	21 System Information Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://login.windows.local	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		unknown
settings-ssl.xboxlive.com	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.windows.local	Video.UI.exe, 00000001.00000002.3425484528.000001BDDE61B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://login.windows.net	Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.windows.net/	Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/soap/http	Video.UI.exe, 00000001.00000003.2284876640.000001BDE9413000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d	Video.UI.exe, 00000001.00000003.2284482564.000001BDE965B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://xsts.auth.xboxlive.com	Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.videolan.org/x264.html	Video.UI.exe, 00000001.00000003.2168665509.000001BDDEC22000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000002.3428470011.000001BDDE83B000.00000004.00000020.00020000.00000000.sdmp, Video.UI.exe, 00000001.00000003.2164458588.000001BDDE802000.00000004.00000020.00020000.00000000.sdmp, Asana for L&D.mp4	false		unknown
https://settings-ssl.xboxlive.com/XBLWinClient/v10_video/configuration.xml	Video.UI.exe, 00000001.00000002.3426365192.000001BDDE751000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://json-schema.org/draft-04/schema	Video.UI.exe, 00000001.00000002.3415909213.000001BDD1C2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.windows.local/	Video.UI.exe, 00000001.00000002.3425484528.000001BDDE61B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://musicimage.xboxlive.comtBeforeRS2ent/v10_video/configuration.xml	Video.UI.exe, 00000001.00000002.3423719141.000001BDDD9EC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl	Video.UI.exe, 00000001.00000003.2284482564.000001BDE965B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://xsts.auth.xboxlive.com/	Video.UI.exe, 00000001.00000002.3420824743.000001BDD8396000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525208
Start date and time:	2024-10-03 21:26:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Asana for L&D.mp4
Detection:	CLEAN
Classification:	clean2.winMP4@1/15@1/1
Cookbook Comments:	Found application associated with file extension: .mp4

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.89.167, 88.221.168.8
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, e87.dspb.akamaiedge.net, activation2.playready.microsoft.com, fe3cr.delivery.mp.microsoft.com, e11290.dspg.akamaiedge.net, go.microsoft.com, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, go.microsoft.com.edgekey.net, settings-ssl.xboxlive.com.edgekey.net, traf-activation-global.trafficmanager.net
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Asana for L&D.mp4

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	https://www.ccjm.org/highwire_log/share/mendeley?link=https://onpro.info	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://auth-owlting.com/enterprise/core.js	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://www.salarytoolint.net/lam/c650d2e0-ca12-4bbd-8ff2-35011d35d0af/a717ea91-20df-42de-8c6b-2dc111827916/c05902dd-1112-4a4c-81f2-0bf48471902f/login?id=eHFCV2l4bzZWNDNkSEk1T2EvVTd3dkoyNlIxaUJuY3g1TWRhbmM2MlF4S01yN2FZOXVoV2F1TUloUFJzQWwvREl6cFB2SEpPbHdRUENta1E2UXM3MW10MllxU1N6eGZmUktOdWgwMG5IcnVNRlhpTkpMb1pzczZIK1NBaGdHd1J5V1BjeW4zbXU4enczMDRvekpNUHlEZEJxVkNqVjVZNU5HWnNVeEpKTjgvblZBMUVQbHUxL1FLcVhCcHV6RUtQeDluUFFqQXlNRWJKSjZRZGRtQ1VwbEpHQkE1VU1EZ2hxMnQzSWdMWGthWFhqZTVOVy9wUlRyaXJoMzd6eGV6N2p1YUMrVGxORzdwQTNZeExtbGNvUFZ4bU1zU2lUcnJhRDdMMVFLaWtDWUZoeVpvdWphTVFwa1ZobTkzVEdWSisvSEVxQk82blo5TEhSdmowcDhra2dJNzFZcW5ra1FtRlY4azV5MkVrQjdVaGtPZFpCNWdrN214dEZBV21BTlZEY3FteVVCTGNzYVBTZDNhNXVIeEl1VTdXZ2tpL2RiOVhWeEZPWHhsLzNia0h0NVpCdVI4TVYvVzZiUHpKZnp4VQ	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://www.calameo.com/read/0077804248b46bb5a7c19	Get hash	malicious	HtmlDropper	Browse	13.107.246.45
	https://secured.viewonlineportalshared.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.246.45
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	0a839761915d.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	http://bernas-medical-com.powerappsportals.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	Notaire-document.html	Get hash	malicious	Unknown	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://www.salarytoolint.net/lam/c650d2e0-ca12-4bbd-8ff2-35011d35d0af/a717ea91-20df-42de-8c6b-2dc111827916/c05902dd-1112-4a4c-81f2-0bf48471902f/login?id=eHFCV2l4bzZWNDNkSEk1T2EvVTd3dkoyNlIxaUJuY3g1TWRhbmM2MlF4S01yN2FZOXVoV2F1TUloUFJzQWwvREl6cFB2SEpPbHdRUENta1E2UXM3MW10MllxU1N6eGZmUktOdWgwMG5IcnVNRlhpTkpMb1pzczZIK1NBaGdHd1J5V1BjeW4zbXU4enczMDRvekpNUHlEZEJxVkNqVjVZNU5HWnNVeEpKTjgvblZBMUVQbHUxL1FLcVhCcHV6RUtQeDluUFFqQXlNRWJKSjZRZGRtQ1VwbEpHQkE1VU1EZ2hxMnQzSWdMWGthWFhqZTVOVy9wUlRyaXJoMzd6eGV6N2p1YUMrVGxORzdwQTNZeExtbGNvUFZ4bU1zU2lUcnJhRDdMMVFLaWtDWUZoeVpvdWphTVFwa1ZobTkzVEdWSisvSEVxQk82blo5TEhSdmowcDhra2dJNzFZcW5ra1FtRlY4azV5MkVrQjdVaGtPZFpCNWdrN214dEZBV21BTlZEY3FteVVCTGNzYVBTZDNhNXVIeEl1VTdXZ2tpL2RiOVhWeEZPWHhsLzNia0h0NVpCdVI4TVYvVzZiUHpKZnp4VQ	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	150.171.27.10
	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z	Get hash	malicious	Unknown	Browse	13.69.116.107
	http://bernas-medical-com.powerappsportals.com	Get hash	malicious	Unknown	Browse	13.107.253.72
	voicemaiVOIP_1002202474911222280000000082autoresponse.htm	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	Stager.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://trello.com/c/HA4sCE32	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	https://drmerp.com/bWFpbEBrc2xhdy5jby51aw==&xBvSo7gjDRPy&hmr&x-ad-vt-unk&OC305935	Get hash	malicious	HTMLPhisher	Browse	20.162.120.23
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Phisher	Browse	52.109.32.47

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	carrier_ratecon.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	https://www.ccjm.org/highwire_log/share/mendeley?link=https://onpro.info	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://auth-owlting.com/enterprise/core.js	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://www.salarytoolint.net/lam/c650d2e0-ca12-4bbd-8ff2-35011d35d0af/a717ea91-20df-42de-8c6b-2dc111827916/c05902dd-1112-4a4c-81f2-0bf48471902f/login?id=eHFCV2l4bzZWNDNkSEk1T2EvVTd3dkoyNlIxaUJuY3g1TWRhbmM2MlF4S01yN2FZOXVoV2F1TUloUFJzQWwvREl6cFB2SEpPbHdRUENta1E2UXM3MW10MllxU1N6eGZmUktOdWgwMG5IcnVNRlhpTkpMb1pzczZIK1NBaGdHd1J5V1BjeW4zbXU4enczMDRvekpNUHlEZEJxVkNqVjVZNU5HWnNVeEpKTjgvblZBMUVQbHUxL1FLcVhCcHV6RUtQeDluUFFqQXlNRWJKSjZRZGRtQ1VwbEpHQkE1VU1EZ2hxMnQzSWdMWGthWFhqZTVOVy9wUlRyaXJoMzd6eGV6N2p1YUMrVGxORzdwQTNZeExtbGNvUFZ4bU1zU2lUcnJhRDdMMVFLaWtDWUZoeVpvdWphTVFwa1ZobTkzVEdWSisvSEVxQk82blo5TEhSdmowcDhra2dJNzFZcW5ra1FtRlY4azV5MkVrQjdVaGtPZFpCNWdrN214dEZBV21BTlZEY3FteVVCTGNzYVBTZDNhNXVIeEl1VTdXZ2tpL2RiOVhWeEZPWHhsLzNia0h0NVpCdVI4TVYvVzZiUHpKZnp4VQ	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://www.calameo.com/read/0077804248b46bb5a7c19	Get hash	malicious	HtmlDropper	Browse	13.107.246.45
	http://usaf.gov.ss	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.246.45
	https://livelovelead.coach/wp-admin/readme.html	Get hash	malicious	Phisher	Browse	13.107.246.45

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1520
Entropy (8bit):	5.0183726539703795
Encrypted:	false
SSDEEP:	24:2dzI4+uTOBzpoD2h9f0lM702X9bh9q02Xiwqh9U02XiSbh9Uydq2X4h9Uy72Xyh2:cK88z2D2ff97DtbfqDtqfUD9bfUywBfW
MD5:	E72FC6D9DAF66E2D8BC9FE37BE8CE4D8
SHA1:	667F95190910D5841E4531330001423CBB8E2030
SHA-256:	B5CCAFA927AF87CEA7E85A2D197C2E841E557B87900665C12FA6F8059B8B9356
SHA-512:	5D56979DBDB586601570DB6AEE666EA1DF489F3EB25285DEDC4A216834955E590158058D6B0C23D084C6C059AD91CF7B7FC32436E572693A96527F3D6E14160C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?>..<clientConfiguration xmlns="http://schemas.microsoft.com/XblWinClient/2012/03" version="1">.. <targetedClient>XblWinClient</targetedClient > .. <rights>Copyright (c) Microsoft Corporation. All rights reserved.</rights>.. <configuration name="Playback" minBuild="16122.1018">.. <property name="UseAdaptiveMediaSourcePercent" value="50" type="int32"/>.. <property name="UseDashContentForMBRSourcePercent" value="100" type="int32"/>.. </configuration>.. <configuration name="Playback" minBuild="16122.1018" maxBuild="17032.1033">.. <property name="UseDashContentForMBRSourcePercentBeforeRS2" value="0" type="int32"/>.. </configuration>.. <configuration name="Playback" minBuild="17032.1034">.. <property name="UseDashContentForMBRSourcePercentBeforeRS2" value="100" type="int32"/>.. </configuration>.. <configuration name="Groveler" minBuild="17063.0" maxBuild="17082.9999">..

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\Cache\msprcore.bla

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	RAGE Package Format (RPF),
Category:	dropped
Size (bytes):	5113
Entropy (8bit):	6.062691801002137
Encrypted:	false
SSDEEP:	96:m5CHvnzJ6vXM7R4co/4BNMYVUXiksiGAshzcEeZ4Y/v3QZMhMKUVe0:mCI62T8LQifiDa00
MD5:	6BB5B6415C832AC5AE14C32FAF3ADD6E
SHA1:	C24836E234411F499EF04961B8A7C1A095AC2458
SHA-256:	E2E1A96B0698741E4EF2802401F8BF949C2E4A4DBBAFBC108C94235EC4889EA7
SHA-512:	2273286938A870ED15FB064FA9BD9AA8429B5352098452C847764AF2BFBCC09EFB84AF3F5B1CC4035FEFDA2F09A06E10B4478764DB5CFF7A322138D6950959D6
Malicious:	false
Reputation:	low
Preview:	PRKF...................................,....................ED...r.}...rg;.........\|.......@..z...K.d........k.@..mqd...._.....!.@.}.#..d..\2..mA%.....(,W.r....\|... ..)..k3.M.....H..==OQ.v............<.......QE.........Ak...?.l.4l.............................................@v.w-.+..J3..u..Mo.0!....L@..dA...HOr.\|<..e0o.N2...[Bt.e.).z................ ;..E.yI.b......&7.W}U.9R=.)y..i.%.1.I....~.e...................@........T..._1Gar,;.B.E0;...}.Z..G.yq.e.<\Y..&..q.O.. .Z...E........... .f#.V........X....B0....a....... ..-F..q....M...................@..z...K.d........k.@..mqd...._.....!.@.}.#..d..\2..mA%.....(,W...........A......9..m..PM...TF..A.......{>J.y.V.%.O...u...eHE.n.<t...O.?.B...b..R.F..%A5J"4...........P.......@CHAI.......@........CERT...................X........TMO.6..............j...k...........I;..sX..."..L..............................(...<.............................................................T..._1Gar,;.B.E0;...}.Z..G.yq.e.<\Y..&..q.O.. .

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	0.012996623626609086
Encrypted:	false
SSDEEP:	12:2abnm8jIyBPtV0wfDXECEeUAlcv8jv6kzmkqkO83n0:2Enme9JflttOCtu83n0
MD5:	5B56895366934B4E392F7A06390503FF
SHA1:	C71A2994C2039B418AFD53EA0086C8B2DF2FBB3C
SHA-256:	5236B74B7BCF012141540B8FD36F76478BCA069AE5210CEA5666D02BE3EE2FF6
SHA-512:	1037CEE5CB678E300211AD50D6656DF3B91065C0AE34214EF2761A1087EC523FCE02C81CD032F3D2CF1D6CEE540942F93FC7CF7DB6A65781FCD5C814F3EBF243
Malicious:	false
Reputation:	low
Preview:	........A.s..%-.i...0..............W....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0x2dc7a131, page size 8192, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	3670016
Entropy (8bit):	0.11496880129781355
Encrypted:	false
SSDEEP:	1536:XSh2WKY8kLgTC0/k63bBu7fhWxhSh2HKY8ksyDFqfOpgTC0/k63bBu7fhWx1WKe+:X6RLU6ULu
MD5:	AFD37A60727F639FA64FF1200B46FDD6
SHA1:	572D3F8CACAC95F6ED2AA3DFD400522CF09BF2DD
SHA-256:	CB1878B8D88AACFE1843FFB5F315CE8ACF596EC893B8B4BAC3628374040EDAAF
SHA-512:	5C05DED987BF9072C9A74C65BC1817BF13CB4B67FCF8B3822CD1574A7F612D7597A4F7F3D07DB8B3DDA212132B706D686763BF824331B7E9C699F8111B09439B
Malicious:	false
Reputation:	low
Preview:	-.1... .......-.........q.....\|..........................................\|#.h...................................\|O.........................................................................................................eJ........... ...................................................................................................... ...........\|O.............................................................................................................................................................................................,....\|......................................,....\|.....................*....\|..........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.04755216778034976
Encrypted:	false
SSDEEP:	3:9F0lH+ny/lFZY+SlXlbwPJmvZy/lall:9F0Uy/t6BZy/A
MD5:	6C39E615BCC74DEC4F4CCA0B62B560DF
SHA1:	9A7F8A1CBF5E2AA28573DFAB6C3DF1C7C5574BC9
SHA-256:	38ADCA7E92B1D2B35DD67266673926D70A628BEFB83BFE872213730C252CB036
SHA-512:	2C9591C83C81F821E63759A1B2F88E9D6408E28A7CFE85CF7804A710F097B779409007B97D3E9A5602C9F0DA6EB3DABBA2E61F96C0798D537174494A6AF59068
Malicious:	false
Reputation:	low
Preview:	..c.........................................\|......\|......................\|............<c....\|a....................*....\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.6326314028271252
Encrypted:	false
SSDEEP:	24:/kFpPaUO/6PaUO/WCkFpPaUO/6PaUO/W:/kFpiUOiiUOXkFpiUOiiUO
MD5:	DD1786C04DBA6E487DABC2AE420FFF1A
SHA1:	39D284F817FFD18AF6E2307849A7E8CD2C64CDC0
SHA-256:	751940C671AB0139AB529B42BC6B1EF7BFE24E16DBA35BFF682A42CF3363F35A
SHA-512:	B79A84B511D5ADE54CE534FBDE2357ABB373568DA5B81B5C60FF676BCA8106C06F0F19C33210DE8ADC944004C6352460E42062C963D520F1D865FE377CF092E7
Malicious:	false
Reputation:	low
Preview:	..#`....................*....\|O.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\.............................................................................................................................................................0u..,.....................5w.................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.6849726708675847
Encrypted:	false
SSDEEP:	1536:b13UR1dTEBmHl3Dulfugaa+ciyAzWYEJS1BiNc8+fO4ot68A15G8AZ5yeh0G32f/:b13URLDL/OZFFL0WCtqWm8
MD5:	8EDCC1C6139B965D8E798F5B99C77542
SHA1:	BD4E17377A84CF6C6C4A85368250A0DFA6507DBD
SHA-256:	F1A4364B277C35210E874010A2BA973F222745CF5D43DE64B08644C9D5A3D8B4
SHA-512:	CB81A9227CF5128650ECE55B18713132E7FCA44160993B60965C472718C72C3BECA12D8438C78A07B4B3180C16409A66F0A9FB0BED3E5C233F73FAE20883159F
Malicious:	false
Reputation:	low
Preview:	..\M........... ....\|O.............................\|O.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\.............................................................................................................................................................0u..,.....................5w.......................................#.................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B2D1236C286A3C0704224FE4105ECA49
SHA1:	7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
SHA-256:	5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
SHA-512:	731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B2D1236C286A3C0704224FE4105ECA49
SHA1:	7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
SHA-256:	5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
SHA-512:	731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B2D1236C286A3C0704224FE4105ECA49
SHA1:	7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
SHA-256:	5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
SHA-512:	731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0x80870812, page size 8192, JustCreated, Windows version 0.0
Category:	dropped
Size (bytes):	262144
Entropy (8bit):	0.1419326057670843
Encrypted:	false
SSDEEP:	768:M2gAhY+VxEyVjqaytqxUSYQHDmit8UPcim:zhY+VxEyVjqaytqxUSYQHDmit8UPcim
MD5:	411C0D09DD4F98A14681325D9FD884A7
SHA1:	535B1E97215BFAC9915EC9BA2D5275BCA29C7CC9
SHA-256:	A4BFA8C02EF159456731EE873C8E7B9D1DF48F90108E5E434365B29F06F1C9AB
SHA-512:	FF7714DDF4E7B2B3305EADEECA71A7A1DA1580E3854B73C9F96EB718C77292ACACE0834383B18998AC303271C30865D1A78FEB875155A743193225A4229BEB41
Malicious:	false
Preview:	....... .......@........V..+....\|........................................................................................................................................................................................................... ...................................................................................................... .....................................................................................................................................................................................................................................................(+....\|......................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	264
Entropy (8bit):	4.855631195741798
Encrypted:	false
SSDEEP:	6:e28IqUHeE7PnC8vPNhy5mOd7rYEGmNrDnb:eCznv3OdgFsrDnb
MD5:	A56F3DA092B79D1FFB23B876662CCFE7
SHA1:	9E122CF0C05BF77CEDA9FD2C1E1FF48E15CC92E9
SHA-256:	89A06FC84F4F317FA08BA94FE27163E8B3F39D10AE777BF3EF29ECE784A3F431
SHA-512:	91093BF2A0CC179C27CD6360696C4E641325F3F7D147C99FF1B44281D04CBCEA2B52FB5696A7BC8D7F3B3FCAF5C3853940D87551246FD54644F1AF1514C9D92F
Malicious:	false
Preview:	<SRPData version="1" sessionId="1"><Outcomes><Outcome id="videoCompleted" timesOccurred="0" /></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="3" monthOfLastLaunch="10" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	264
Entropy (8bit):	4.855631195741798
Encrypted:	false
SSDEEP:	6:e28IqUHeE7PnC8vPNhy5mOd7rYEGmNrDnb:eCznv3OdgFsrDnb
MD5:	A56F3DA092B79D1FFB23B876662CCFE7
SHA1:	9E122CF0C05BF77CEDA9FD2C1E1FF48E15CC92E9
SHA-256:	89A06FC84F4F317FA08BA94FE27163E8B3F39D10AE777BF3EF29ECE784A3F431
SHA-512:	91093BF2A0CC179C27CD6360696C4E641325F3F7D147C99FF1B44281D04CBCEA2B52FB5696A7BC8D7F3B3FCAF5C3853940D87551246FD54644F1AF1514C9D92F
Malicious:	false
Preview:	<SRPData version="1" sessionId="1"><Outcomes><Outcome id="videoCompleted" timesOccurred="0" /></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="3" monthOfLastLaunch="10" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.8907974577265938
Encrypted:	false
SSDEEP:	96:DJTEeEJ00dDH/ntMUmnFBiKbPfV/CqqXH8S5sPkx/qV69L6ofz:VTEeEPH/tMUmjbPf6iPqqV69L
MD5:	D1E2C146722310A82A58C70CA4CC5F55
SHA1:	9B3758B5875789D50552FBFACAE411E734C66B90
SHA-256:	A7F97E31748A7809AD6E355510B09CB79F267F25264D81B97D9239B9112CD751
SHA-512:	B23E4DEBC34AD79E3E9B231E4DF75DF3BA768ECE9ECBE6E7A9F416D28B2D7AC5B3F15F16F555FC8817FF237648700D5546311022E8859071FEEF72FB662F7F9A
Malicious:	false
Preview:	regf........b.Q.7.................. .... ......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm.?.Q............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	2.419909775809608
Encrypted:	false
SSDEEP:	96:YJTEeEJ00dDH/ntMUmnFBiKbPfV/CqqXH8S5sPkx/qV69L6ofz:8TEeEPH/tMUmjbPf6iPqqV69L
MD5:	D655048714316F4A38F1A510CF724164
SHA1:	57C6CD617911E1F29DD6F2D636535EC5D661FFE7
SHA-256:	EBB98D0640B9FF43C5AC5A5459704093AC7B437DAEC00472A8A8E8316E84249C
SHA-512:	3143C17E2FC740F9FC31E5D238A210FED7CF9B36DA2361800D57D8FC783944A483A35600EAA81A293CC5C11F054FF70ED117D64021B7F3E50872C9C392802DE2
Malicious:	false
Preview:	regf........b.Q.7.................. .... ......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm.?.Q....................................................................................................................................................................................................................................................................................................................................................HvLE............. ........V0..9R^....Sz..... ..hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk ...X....................(...............h...............................Configuration...p...sk..x...x.......t.......H...X.............4.........?.......................

Static File Info

General

File type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Entropy (8bit):	7.931620380167792
TrID:	MPEG-4 Video (70008/3) 36.55% iPhone Ringtone (63007/2) 32.90% 3GPP2 multimedia audio/video (48507/2) 25.33% QuickTime Movie (5001/1) 2.61% Generic MP4 container (3007/2) 1.57%
File name:	Asana for L&D.mp4
File size:	7'134'564 bytes
MD5:	1df19920d9f0e2fad221b8d104c960e5
SHA1:	d420544bc864849478567d9b6ef6c03c3ca39d2e
SHA256:	723b2b9fd3570fc2b9f879987d6352e066a91f683e6fba5a8fa8ed41030223fd
SHA512:	c3e11a1cfdf3cf1770362f6c9411965a060f24dacc15efd5b0ac7b51262c4ecfd93552a0ff3c2e3fc354913a22db1ca721c61a901c8de13dd0e78db6cbece9df
SSDEEP:	196608:fnB7N6R3APZjQYUkMTGLaVWtE8ouHNAMBL5iujiB:PBh6R3U1QNjmOWtdHNHBdNmB
TLSH:	B276124517C9650EFF70CFF0C683871AB565C500EA1B2FEFB801AA24EDA579AAC456F0
File Content Preview:	... ftypisom....isomiso2avc1mp41..).moov...lmvhd..................{k................................................@...................................trak...\tkhd......................{k................................................@........8.....$edt

File Icon


Icon Hash:	74f0dcc4c4c4e0e4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 21:27:56.300417900 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:56.300462961 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:56.301460028 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:56.301712990 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:56.301729918 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:56.985034943 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:56.985125065 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:56.986481905 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:56.986490965 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:56.986824036 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:56.987576008 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.031400919 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.148296118 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.148361921 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.148782969 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.155169010 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.226329088 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.226353884 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.226397038 CEST	49720	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.226404905 CEST	443	49720	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.628355980 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.628390074 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:57.628508091 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.646815062 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:57.646828890 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.317466021 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.317542076 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.318537951 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.318545103 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.318871021 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.326838017 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.326838017 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.326941967 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.522567987 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.522638083 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.522722960 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.522762060 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.522777081 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.522792101 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.522856951 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.568980932 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.569005013 CEST	443	49722	13.107.246.45	192.168.2.6
Oct 3, 2024 21:27:58.569019079 CEST	49722	443	192.168.2.6	13.107.246.45
Oct 3, 2024 21:27:58.569024086 CEST	443	49722	13.107.246.45	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 21:27:55.228791952 CEST	60288	53	192.168.2.6	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 21:27:55.228791952 CEST	192.168.2.6	1.1.1.1	0xc09b	Standard query (0)	settings-ssl.xboxlive.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 21:27:55.236573935 CEST	1.1.1.1	192.168.2.6	0xc09b	No error (0)	settings-ssl.xboxlive.com	settings-ssl.xboxlive.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 21:27:56.296550989 CEST	1.1.1.1	192.168.2.6	0x2f20	No error (0)	ep-afd-activation-cubaf8a6apchfsg5.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 21:27:56.296550989 CEST	1.1.1.1	192.168.2.6	0x2f20	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 21:27:56.296550989 CEST	1.1.1.1	192.168.2.6	0x2f20	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

activation2.playready.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49720	13.107.246.45	443	7052	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 19:27:56 UTC	200	OUT	GET /PlayReady/ACT/Activation.asmx?WSDL&Client=Win10&LinkId=613387 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-PlayReady-DRM/1.0 Host: activation2.playready.microsoft.com
2024-10-03 19:27:57 UTC	466	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:27:57 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 6250 Connection: close Cache-Control: private, max-age=0 X-AspNet-Version: 4.0.30319 Request-Context: appId=cid-v1:79cef274-7303-4874-9131-e08bd3e00d78 Access-Control-Expose-Headers: Request-Context X-Powered-By: ASP.NET x-azure-ref: 20241003T192757Z-15767c5fc55whfstvfw43u8fp40000000bh000000000nxr0 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-10-03 19:27:57 UTC	6250	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 77 73 64 6c 3a 64 65 66 69 6e 69 74 69 6f 6e 73 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 31 32 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 77 73 64 6c 2f 73 6f 61 70 31 32 2f 22 20 78 6d 6c 6e 73 3a 68 74 74 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 77 73 64 6c 2f 68 74 74 70 2f 22 20 78 6d 6c 6e 73 3a 6d 69 6d 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 77 73 64 6c 2f 6d 69 6d 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><wsdl:definitions xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49722	13.107.246.45	443	7052	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 19:27:58 UTC	595	OUT	POST /PlayReady/ACT/Activation.asmx HTTP/1.1 Connection: Keep-Alive Content-Type: text/xml; charset=utf-8 Accept: / User-Agent: Microsoft-PlayReady-DRM/1.0 x-playready-info: OSVersion=10.0; ClientDllVersion=Windows.Media.Protection.PlayReady.dll/10.0.19041.2006 (WinBuild.160101.0800); Session=957dbe4ff2e8b607995106496f92a94e; StoreAppID=Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo; X-XblCorrelationId: 4686606923178594251 SOAPAction: "http://schemas.microsoft.com/PlayReady/ActivationService/v1/Activate" Content-Length: 3580 Host: activation2.playready.microsoft.com
2024-10-03 19:27:58 UTC	3580	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 63 74 69 76 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><Activate xmlns="http://schemas.micro
2024-10-03 19:27:58 UTC	466	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:27:58 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 7264 Connection: close Cache-Control: private, max-age=0 X-AspNet-Version: 4.0.30319 Request-Context: appId=cid-v1:79cef274-7303-4874-9131-e08bd3e00d78 Access-Control-Expose-Headers: Request-Context X-Powered-By: ASP.NET x-azure-ref: 20241003T192758Z-15767c5fc55v7j95gq2uzq37a00000000bpg00000000ehup X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-10-03 19:27:58 UTC	7264	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 63 74 69 76 61 74 65 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><ActivateResponse xmlns="http://schem

Target ID:	1
Start time:	15:27:42
Start date:	03/10/2024
Path:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
Imagebase:	0x7ff6f17e0000
File size:	25'966'080 bytes
MD5 hash:	FE340ECB1D09B5BAA66DFE25AF11654F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Asana for L&D.mp4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\INetCache\UF7M9YIR\configuration[1].xml

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\Cache\msprcore.bla

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
Asana for L&D.mp4