Windows Analysis Report
IMG_3862.MOV

Overview

General Information

Sample name: IMG_3862.MOV
Analysis ID: 1428771
MD5: c62f52f8d8c87b76b308b2edd207dc88
SHA1: 0534d42c84eafebe3a15d4b9d7e27cba27a6df55
SHA256: 8b52e9efa637f86b46f4ebb4da3ed4b62b1cd139832e561a1bf5b88a6dd9a4af

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • Video.UI.exe (PID: 6476 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca MD5: FE340ECB1D09B5BAA66DFE25AF11654F)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknown, HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: settings-ssl.xboxlive.com
Source: unknown, Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49704
Source: classification engine, Classification label: clean1.winMOV@1/8@1/31
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: IMG_3862.MOV, Static file information: File size 14220917 > 1048576
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, File opened: PhysicalDrive0
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 21 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| part-0013.t-0009.t-msedge.net | 13.107.246.41 | true | false | | unknown |
| settings-ssl.xboxlive.com | unknown | unknown | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 13.107.246.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 184.25.164.10 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false |
| 184.31.61.214 | unknown | United States | 16625 | AKAMAI-ASUS | false |
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1428771
      Start date and time:2024-04-19 15:43:50 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:19
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:IMG_3862.MOV
      Detection:CLEAN
      Classification:clean1.winMOV@1/8@1/31
      Cookbook Comments:
      • Found application associated with file extension: .MOV
      • Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, RuntimeBroker.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.31.62.93
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKey calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • VT rate limit hit for: IMG_3862.MOV
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):1520
      Entropy (8bit):5.0183726539703795
      Encrypted:false
      SSDEEP:
      MD5:E72FC6D9DAF66E2D8BC9FE37BE8CE4D8
      SHA1:667F95190910D5841E4531330001423CBB8E2030
      SHA-256:B5CCAFA927AF87CEA7E85A2D197C2E841E557B87900665C12FA6F8059B8B9356
      SHA-512:5D56979DBDB586601570DB6AEE666EA1DF489F3EB25285DEDC4A216834955E590158058D6B0C23D084C6C059AD91CF7B7FC32436E572693A96527F3D6E14160C
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0" encoding="utf-8"?>..<clientConfiguration xmlns="http://schemas.microsoft.com/XblWinClient/2012/03" version="1">.. <targetedClient>XblWinClient</targetedClient > .. <rights>Copyright (c) Microsoft Corporation. All rights reserved.</rights>.. <configuration name="Playback" minBuild="16122.1018">.. <property name="UseAdaptiveMediaSourcePercent" value="50" type="int32"/>.. <property name="UseDashContentForMBRSourcePercent" value="100" type="int32"/>.. </configuration>.. <configuration name="Playback" minBuild="16122.1018" maxBuild="17032.1033">.. <property name="UseDashContentForMBRSourcePercentBeforeRS2" value="0" type="int32"/>.. </configuration>.. <configuration name="Playback" minBuild="17032.1034">.. <property name="UseDashContentForMBRSourcePercentBeforeRS2" value="100" type="int32"/>.. </configuration>.. <configuration name="Groveler" minBuild="17063.0" maxBuild="17082.9999">..
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:RAGE Package Format (RPF),
      Category:dropped
      Size (bytes):5113
      Entropy (8bit):6.056348882278594
      Encrypted:false
      SSDEEP:
      MD5:738392E321A9F454180FA86AAA5A0EF4
      SHA1:7B00937F4CA5F1504D86F93DAA5EFF25C080E826
      SHA-256:CE2E1D74E7610961E913725EC7BB6BBB1F073EBC57FF1A31E67CE12518554694
      SHA-512:C9FA5EBA1267DDF06D1262111A8501FFE73FB9FF8C957671BFF86EC85008C19836F2100134CE056EE4A7D55551BA5C6CF1590326B7F02ADA1590496F0A6A8FCA
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):528384
      Entropy (8bit):0.013104541777247401
      Encrypted:false
      SSDEEP:
      MD5:8ADD9DB6AE7B9E4A5AF5DC23D6AEC32A
      SHA1:AD4EC39774151CBEF152C8456D54C79930EF245E
      SHA-256:858118E532E4D564713F6613FC60A7DAD4E5CC67079F5AF0BB4794A519998F3A
      SHA-512:A8061195F63955A89288D8A30E947E19F72890B874EE468FAFC0FEE6CEC257FDC661CE006EF8150DB0E66689563521907CC19B60B30955852FB5056BF5EB0595
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:Extensible storage engine DataBase, version 0x620, checksum 0xeb592adf, page size 8192, JustCreated, Windows version 0.0
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):0.11814050197352197
      Encrypted:false
      SSDEEP:
      MD5:6C2558A51A8E682D77BB817FA67F303F
      SHA1:03FB3CEB07543DC31AE6F58AD79CF85E3C4EE276
      SHA-256:6B5DD28CCCE5C3F9DFEAD16792CE9A0FEB260F177AD65DB1016D5CF344F44738
      SHA-512:7BC59DAA9B3A63658C3185FDB4E5C7A56932F0D5EE154F6EDFADFC9E13260C827939D9B55978B9F267DB7654FC8A8727975910A706A5A0620523BFB13B79E5F0
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):8192
      Entropy (8bit):0.6155569443729233
      Encrypted:false
      SSDEEP:
      MD5:5A4C2F73FAFE26B0CA26A514DEEB1018
      SHA1:2CF8628C1FCCBFF94D7EA20CFD0152BD527CC4CE
      SHA-256:44E0A4A7AD079BD9C04FD06F1CCFEC7F982056539EA459ED8D73B47BBDF5B6CE
      SHA-512:0E04542CE46357FDA9C60F09530663E1861DFF90208D514BB0B673859A2422165EE813C85D4BEE79A33500CFA4CDD7F95727795028605AE483A02313E47785AA
      Malicious:false
      Reputation:unknown
      Preview:[binary data containing the path C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\ twice]
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):2097152
      Entropy (8bit):0.002396927891297
      Encrypted:false
      SSDEEP:
      MD5:7C44A4BC892990FA8BB9BE8FF95523F0
      SHA1:CF4083F061DD90C0A8D4C91CA2A7625DB688A2C6
      SHA-256:34A27C2279AD44D8C4F5FEF226732F083CA71BFA6ECC992A910AF32279723A3C
      SHA-512:67B6FF0E9D4CE4F1C5D67B437333FD2AF9F44D96641E0B1397D328A96DDFCC8A16271B47990548E8641FB0746CC5FEB685E19F220216E1869183759CD94717A9
      Malicious:false
      Reputation:unknown
      Preview:[binary data containing the path C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\ twice]
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):2097152
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:B2D1236C286A3C0704224FE4105ECA49
      SHA1:7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
      SHA-256:5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
      SHA-512:731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:C32AECF22581969CE52340A49FCB4DB4
      SHA1:3FAD3E65D0FB26999626169BDCD4D814CE764C74
      SHA-256:28F43E498E58DCEE5D788DA02262B5F03AFDFEB70F9C5841097E345E73FD2D58
      SHA-512:FF71F5F0CECFBB1A7C0930C17CDFF6D521B6379ED0A7E16EFE0CA1EEBF3C24709678D1CBFEC8B6ABC623C967FD314FD2FEF592485AA2C95852C75EF2D3FA20FB
      Malicious:false
      Reputation:unknown
      Preview:<SRPData version="1" sessionId="1"><Outcomes><Outcome id="videoCompleted" timesOccurred="1" /></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="19" monthOfLastLaunch="4" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):264
      Entropy (8bit):4.856009474037668
      Encrypted:false
      SSDEEP:
      MD5:C32AECF22581969CE52340A49FCB4DB4
      SHA1:3FAD3E65D0FB26999626169BDCD4D814CE764C74
      SHA-256:28F43E498E58DCEE5D788DA02262B5F03AFDFEB70F9C5841097E345E73FD2D58
      SHA-512:FF71F5F0CECFBB1A7C0930C17CDFF6D521B6379ED0A7E16EFE0CA1EEBF3C24709678D1CBFEC8B6ABC623C967FD314FD2FEF592485AA2C95852C75EF2D3FA20FB
      Malicious:false
      Reputation:unknown
      Preview:<SRPData version="1" sessionId="1"><Outcomes><Outcome id="videoCompleted" timesOccurred="1" /></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="19" monthOfLastLaunch="4" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>
      File type:ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)
      Entropy (8bit):7.999488912659986
      TrID:
      • 3GPP2 multimedia audio/video (48507/2) 82.89%
      • QuickTime Movie (5001/1) 8.55%
      • Generic MP4 container (3007/2) 5.14%
      • MacBinary 2 header (1003/3) 1.71%
      • Adobe PhotoShop Brush (1003/3) 1.71%
      File name:IMG_3862.MOV
      File size:14'220'917 bytes
      MD5:c62f52f8d8c87b76b308b2edd207dc88
      SHA1:0534d42c84eafebe3a15d4b9d7e27cba27a6df55
      SHA256:8b52e9efa637f86b46f4ebb4da3ed4b62b1cd139832e561a1bf5b88a6dd9a4af
      SHA512:8f313d07b1df9201c733442ffb23865eeeddce92f8d78f4007eecccdde7313ea69f843479b84b7f9e7b74862bff47021ccf0c32e3208e98ee24799c7569464e4
      SSDEEP:393216:4IhYqO87RGP0vplv1HqzECEJXNk2bVFbp5TvDxk65+0:4IhrRGP03pq6VJvXI0
      TLSH:3CE6336E5204EB1ED01BA778484727397E9D60BC3425830F75DB3FA9AC92B9CB18B44D
      File Content Preview:....ftypqt ....qt ....moov...lmvhd.....H...H.....X....................................................@..................................~trak...\tkhd.....H...H..............................................................@..............$edts....elst...
      Icon Hash:74f0dcc4c4c4e0e4