Windows Analysis Report
#U821e#U8e48 #U4e66#U7b80 .mp3

Overview

General Information

Sample name:	#U821e#U8e48 #U4e66#U7b80 .mp3
Analysis ID:	1541198
MD5:	5e68bb8a9c2bc8217bc5a5eb1644d3a1
SHA1:	66d20de8ee3351156a8df81e6f9df0d6c57abe3d
SHA256:	4f611351b7336963d533c568734a33e3a7779e7cccf4d30dae33aad4a40f0500

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Query firmware table information (likely to detect VMs)

Allocates memory with a write watch (potentially for evading sandboxes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest
Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/tracks/match

Source: classification engine

Classification label: sus21.evad.winMP3@1/6@0/0

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: microsoft.media.player.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: e_sqlite3.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: clrcompression.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfmediaengine.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.custom.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorybroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.picker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: playtomanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mp3dmod.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: #U821e#U8e48 #U4e66#U7b80 .mp3

Static file information: File size 3018439 > 1048576

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

System information queried: FirmwareTableInformation

Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A92C720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944FE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947DB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F240000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F5F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F830000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F880000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F980000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A950800000 memory reserve \| memory write watch	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Window / User API: threadDelayed 1628

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db	SQLite 3.x database, last written using SQLite version 3033000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1	287A8DA9F4322ECF1C410C63EE2B033E	8256BF1D4AC6B126F0752DA1E850CF9415998F3C	4B0F372CF45FCDB0A93E0DE44D25C2A6334E7F89B94CC3E4C4E0588F89314FE2
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-journal	SQLite Rollback Journal	B0ECBB112168AD4522C8AE601C2D0384	B7D03B7C41FEF40588ACB821404E421BF029048A	D5317370CCF2F6C29B4B5A420F8781339E649AD9C9593ECBD14F17025B3E7E2C
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-shm	data	4B354C368752E5F9EB438FCCDC172FC4	E0E83EADA1700D69C3940274372523B9671185F6	AD246480B0E4B1625498F42930DA5BB7D5551FED0D24EF8427B347E9F505DBEA
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-wal	SQLite Write-Ahead Log, version 3007000	590CD7746031EA7E923DBE22978C4AC2	D7D1AB70EBD8D3A445AB38726268B21D11DAAADC	2F8CF3317B3924C66EBEC2B1145D0B1713B7F05FE51A8E545FD514EEDB28E51E
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat	MS Windows registry file, NT/2000 or above	57EB619D0D0E4831C5B47A12113313E3	C1D0A878894A59C43002AAFD9344EDEDB7B137BB	87C4699396D0FD19C5B15DECB4574B92338CBCA9EAFDD167F0ECEAF0AB70D643
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1	MS Windows registry file, NT/2000 or above	985085FCEB63F081CE5908190F5C7E37	BA892689340DE4E1628C61D12412994C8BE08D51	C5201241C8AAF4F5688A0B903ED637090ADD7470FA67232BAED550C0B1EF4A40

Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest
Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/tracks/match

Source: classification engine

Classification label: sus21.evad.winMP3@1/6@0/0

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: microsoft.media.player.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: e_sqlite3.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: clrcompression.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfmediaengine.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.custom.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorybroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.picker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: playtomanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mp3dmod.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: #U821e#U8e48 #U4e66#U7b80 .mp3

Static file information: File size 3018439 > 1048576

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

System information queried: FirmwareTableInformation

Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A92C720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944FE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947DB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F240000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F5F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F830000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F880000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F980000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A950800000 memory reserve \| memory write watch	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Window / User API: threadDelayed 1628

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

ID:	1541198
Product:	CloudBasic
Start time:	15:08:25
Start date:	24.10.2024
Sample:	#U821e#U8e48 #U4e66#U7b80 .mp3
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	5e68bb8a9c2bc8217bc5a5eb1644d3a1
SHA1:	66d20de8ee3351156a8df81e6f9df0d6c57abe3d
SHA256:	4f611351b7336963d533c568734a33e3a7779e7cccf4d30dae33aad4a40f0500
Filetype:	MP3 audio (ID3 v2.x tag) (3003/1) 100.00%

Windows Analysis Report
#U821e#U8e48 #U4e66#U7b80 .mp3

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report #U821e#U8e48 #U4e66#U7b80 .mp3

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
#U821e#U8e48 #U4e66#U7b80 .mp3