Windows Analysis Report
audio.mp3

Overview

General Information

Sample name:	audio.mp3
Analysis ID:	1426617
MD5:	95f40db7f6d453afd3a63506a78a4cb5
SHA1:	30acdaa2eba8415024bbe26e98cc100a8cb453de
SHA256:	8f6e87b3dc1ec87cd62e4dd3900440f1343c0c7d83750154c410c84440737fe1

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Query firmware table information (likely to detect VMs)

Allocates memory with a write watch (potentially for evading sandboxes)

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\Windows_NT.x64.Release\native_aot\clrcompression\Release\clrcompression.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101968178296.00007FFE2059A000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d:\a\1\s\bin\uapx64\release\winrt.dll.uap\Microsoft.Graphics.Canvas.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101967795220.00007FFDF9DC8000.00000002.00000001.01000000.0000000E.sdmp

Source: Microsoft.Media.Player.exe, 00000007.00000002.101968271526.00007FFE205A0000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/53eb6703edaf54d3b3f8eb2911325824b010049b
Source: Microsoft.Media.Player.exe, 00000007.00000002.101968271526.00007FFE205A0000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/53eb6703edaf54d3b3f8eb2911325824b010049bD
Source: Microsoft.Media.Player.exe, 00000007.00000002.101950696522.000002CCD33F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest
Source: Microsoft.Media.Player.exe, 00000007.00000002.101950696522.000002CCD33F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/tracks/match

Source: classification engine

Classification label: sus21.evad.winMP3@1/6@0/0

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: microsoft.media.player.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: e_sqlite3.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: clrcompression.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfmediaengine.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.custom.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorybroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.picker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: playtomanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mp3dmod.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\Windows_NT.x64.Release\native_aot\clrcompression\Release\clrcompression.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101968178296.00007FFE2059A000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d:\a\1\s\bin\uapx64\release\winrt.dll.uap\Microsoft.Graphics.Canvas.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101967795220.00007FFDF9DC8000.00000002.00000001.01000000.0000000E.sdmp

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

System information queried: FirmwareTableInformation

Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD3320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEB320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD2FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD2FF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBB80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBBE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBBF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF55C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF5E10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF5F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6460000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6430000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF65A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF55A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6560000 memory reserve \| memory write watch	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db	SQLite 3.x database, last written using SQLite version 3033000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1	287A8DA9F4322ECF1C410C63EE2B033E	8256BF1D4AC6B126F0752DA1E850CF9415998F3C	4B0F372CF45FCDB0A93E0DE44D25C2A6334E7F89B94CC3E4C4E0588F89314FE2
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-journal	SQLite Rollback Journal	000168BA1E681B10B08B418EB79157F6	D2264BF971B3B53656ADD4913B4295F79C12D31B	8D6FCECD69716754880BF3CF3D838A3F3ED007404A3FF9A6A7E120197486A769
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-shm	data	DEE5737628B8C0F838FA58C2074DDADC	D28606E0409C435C1A053EA856A244C798E95764	3935E9BD7A578FFDA6B1140BAC57CB8EA46E1A8024D23E68297AC4F45BE93460
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-wal	SQLite Write-Ahead Log, version 3007000	24ADE4A97E8E0C4C82774D73E0C3AB9B	5E2BC430071A88A74BC59856B3EA3759A6E57A2A	214F7E6C0D520CFE733EC9EA38E98C89234E5826F2AE767529643C0C45F9C915
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat	MS Windows registry file, NT/2000 or above	6ECB0B4EFACB9928125964EFCCC09AF2	C9F4A990F67B0B6E9E932874FE16DF4A9559D852	A98D9AC615FBD4A43C6ABCB237EDE1CC5D65DACD6598D7BB69DDEE0152C5F7CE
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1	MS Windows registry file, NT/2000 or above	6D7D77B19C2E42019926129CB2FD38E7	660107B70208C80A999A2C9B9B570894623E8FCC	A7C75C06144B6B3EED0DD904C3C093D9436CF94069EE7BE51DB3C81C5DAFF3E5

Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\Windows_NT.x64.Release\native_aot\clrcompression\Release\clrcompression.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101968178296.00007FFE2059A000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d:\a\1\s\bin\uapx64\release\winrt.dll.uap\Microsoft.Graphics.Canvas.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101967795220.00007FFDF9DC8000.00000002.00000001.01000000.0000000E.sdmp

Source: Microsoft.Media.Player.exe, 00000007.00000002.101968271526.00007FFE205A0000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/53eb6703edaf54d3b3f8eb2911325824b010049b
Source: Microsoft.Media.Player.exe, 00000007.00000002.101968271526.00007FFE205A0000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/53eb6703edaf54d3b3f8eb2911325824b010049bD
Source: Microsoft.Media.Player.exe, 00000007.00000002.101950696522.000002CCD33F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest
Source: Microsoft.Media.Player.exe, 00000007.00000002.101950696522.000002CCD33F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/tracks/match

Source: classification engine

Classification label: sus21.evad.winMP3@1/6@0/0

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: microsoft.media.player.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: e_sqlite3.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: clrcompression.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfmediaengine.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.custom.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorybroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.picker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: playtomanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mp3dmod.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\Windows_NT.x64.Release\native_aot\clrcompression\Release\clrcompression.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101968178296.00007FFE2059A000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d:\a\1\s\bin\uapx64\release\winrt.dll.uap\Microsoft.Graphics.Canvas.pdb source: Microsoft.Media.Player.exe, 00000007.00000002.101967795220.00007FFDF9DC8000.00000002.00000001.01000000.0000000E.sdmp

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

System information queried: FirmwareTableInformation

Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD3320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEB320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD2FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCD2FF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBB80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBBE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCEBBF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF55C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF5E10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF5F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF60C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF61F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6460000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6430000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF65A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6A40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF55A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2CCF6560000 memory reserve \| memory write watch	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

ID:	1426617
Product:	CloudBasic
Start time:	12:05:38
Start date:	16.04.2024
Sample:	audio.mp3
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	95f40db7f6d453afd3a63506a78a4cb5
SHA1:	30acdaa2eba8415024bbe26e98cc100a8cb453de
SHA256:	8f6e87b3dc1ec87cd62e4dd3900440f1343c0c7d83750154c410c84440737fe1
Filetype:	MP3 audio (1001/1) 100.00%

Windows Analysis Report
audio.mp3

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report audio.mp3

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
audio.mp3