
Windows Analysis Report
windows-7-ultimate-x64-sp1.iso.exe

Overview

General Information

Sample name: windows-7-ultimate-x64-sp1.iso.exe
Analysis ID: 1640033
MD5: 0fd3c58aa056374f24ddb73e5a185db5
SHA1: d3d4f54fa978bf33fdb8460e51d72d4c85a359cb
SHA256: 0009ea31f45dbc216cdebfa54d217990371f765a903ce9649c6e7b7863569e2a
Tags: exe, trojan, user-2huMarisa

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Classification

  • System is w10x64
  • windows-7-ultimate-x64-sp1.iso.exe (PID: 7472 cmdline: "C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe" MD5: 0FD3C58AA056374F24DDB73E5A185DB5)
    • notepad.exe (PID: 7672 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 8136 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 7236 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 2496 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 1844 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 5860 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 7396 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 7264 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 1208 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 7780 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 3216 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 7540 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 1236 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 5912 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 3612 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 6840 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
    • notepad.exe (PID: 5716 cmdline: notepad.exe MD5: E92D3A824A0578A50D2DD81B5060145F)
  • Music.UI.exe (PID: 5636 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca MD5: F963F75C0AD152437E10D656A00793A3)
  • PilotshubApp.exe (PID: 1420 cmdline: "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe" -ServerName:App.AppXxsvz1hsv4s5yt1mcgqv0v7q0m7qn9gxy.mca MD5: 890B57DBCB43AB1A04B9750DBDD177C7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: windows-7-ultimate-x64-sp1.iso.exe, Virustotal: Detection: 12%
Source: windows-7-ultimate-x64-sp1.iso.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 2.23.244.9:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00477170 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00444070 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004770E0 FindFirstFileW,FindClose,GetFileAttributesW
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004443B0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004558D0 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00472A90 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00454C60 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00443D90 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00455E40 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_0042DF00 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose
Source: Joe Sandbox View, IP Address: 2.23.244.9
Source: Joe Sandbox View, JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004545D0 __wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetReadFile,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,InternetReadFileExA,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,DeleteFileW
Source: global traffic, HTTP traffic detected:
  GET /XBLWinClient/v10_music/configuration.xml HTTP/1.1
  Accept: */*
  User-Agent: XBLWIN10.19071
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  Host: settings-ssl.xboxlive.com
  Connection: Keep-Alive
Source: global traffic, DNS traffic detected: DNS query: settings-ssl.xboxlive.com
Source: windows-7-ultimate-x64-sp1.iso.exe, String found in binary or memory: https://autohotkey.com
Source: windows-7-ultimate-x64-sp1.iso.exe, String found in binary or memory: https://autohotkey.comCould
Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00409200 SetWindowsHookExW 0000000D,00404BF0,00400000,00000000
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe, Windows user hook set: 1948 call wnd proc C:\Windows\System32\shcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe, Windows user hook set: 5148 call wnd proc C:\Windows\System32\shcore.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00404990 GetTickCount,GetTickCount,OpenClipboard,OpenClipboard,GetTickCount,OpenClipboard
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00479220 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004046C0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00404890 GetClipboardFormatNameW,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,GetClipboardData
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_0043A490 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_0040F250 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_004013F4 GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,KillTimer,DragQueryFileW,DragFinish,GetTickCount,DragFinish,DragFinish,_wcsncpy,_wcsncpy,GetTickCount,_wcsncpy,GetTickCount,IsDialogMessageW,SetCurrentDirectoryW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_0040F686 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe, Code function: 0_2_00412B00 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState

System Summary

Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Window found: window name: AutoHotkey
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00440560 CreateFileW,DeviceIoControl,CloseHandle,0_2_00440560
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00455EB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00455EB0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00408140
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0040F250
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004013F4
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00404F20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004201C0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00442260
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00492262
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0048E2B0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004183E0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00482405
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0041C430
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0043A490
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0048949E
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0043F560
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0040C530
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0049D58D
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00482675
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00484620
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004966C5
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004996AF
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0040D770
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004147F0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00432AC0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00481AFB
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00475BB0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00499C00
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0049ECD0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0049AD4C
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0045FE30
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0049CEB1
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00447F40
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0040BF10
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0047EF10
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_0042EF90
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 00476360 appears 73 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 00430370 appears 80 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 0049AF30 appears 44 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 0048FC19 appears 346 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 00476400 appears 50 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 00494550 appears 33 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 00430620 appears 264 times
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: String function: 0048FE1D appears 54 times
Source: windows-7-ultimate-x64-sp1.iso.exe, 00000000.00000000.1192171110.00000000004CE000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs windows-7-ultimate-x64-sp1.iso.exe
Source: windows-7-ultimate-x64-sp1.iso.exe Binary or memory string: OriginalFilename vs windows-7-ultimate-x64-sp1.iso.exe
Source: windows-7-ultimate-x64-sp1.iso.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.spyw.evad.winEXE@51/83@1/1
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00431310 __wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,_memset,CreateProcessW,CloseHandle,CloseHandle,GetLastError,_memset,__wcsicoll,_wcschr,SetCurrentDirectoryW,_wcschr,_wcschr,GetFileAttributesW,_wcschr,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetLastError,FormatMessageW,0_2_00431310
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00455EB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00455EB0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00440200 _wcsncpy,GetDiskFreeSpaceExW,0_2_00440200
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004560C0 CreateToolhelp32Snapshot,Process32FirstW,__wcstoi64,Process32NextW,__wsplitpath,__wcsicoll,Process32NextW,CloseHandle,CloseHandle,CloseHandle,0_2_004560C0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_00441300 CoCreateInstance,__fassign,0_2_00441300
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Code function: 0_2_004781C0 SystemParametersInfoW,LoadLibraryExW,EnumResourceNamesW,FindResourceW,LoadResource,LockResource,GetSystemMetrics,FindResourceW,LoadResource,LockResource,SizeofResource,CreateIconFromResourceEx,FreeLibrary,ExtractIconW,ExtractIconW,0_2_004781C0
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Mutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: /restart 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: /force 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: /ErrorStdOut 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: A_Args 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: A_Args 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: AutoHotkey 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: AutoHotkey 0_2_00403D20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Command line argument: Clipboard 0_2_00403D20
Source: windows-7-ultimate-x64-sp1.iso.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: windows-7-ultimate-x64-sp1.iso.exe Virustotal: Detection: 12%
Source: unknown Process created: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe "C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe"
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: unknown Process created: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: unknown Process created: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe" -ServerName:App.AppXxsvz1hsv4s5yt1mcgqv0v7q0m7qn9gxy.mca
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: C:\Windows\SysWOW64\notepad.exe notepad.exe
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe Section loaded: kbdsg.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: sharedui.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: concrt140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: esent.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.system.profile.retailinfo.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.applicationmodel.lockscreen.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wincorlib.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: lockappbroker.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: powrprof.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: umpdc.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.xaml.phone.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: twinapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.playback.mediaplayer.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfplat.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rtworkq.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.mediacontrol.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mmdevapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: devobj.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfmediaengine.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: audioses.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.devices.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.playback.proxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: comppkgsup.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msftedit.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: globinputhost.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.devices.enumeration.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: devdispitemprovider.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ddores.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: defaultdevicemanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msxml6.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wpnapps.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.web.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wuceffects.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: photometadatahandler.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: biwinrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vaultcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: microsoftaccountwamextension.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfsrcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: appcontracts.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: usermgrproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cdprt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cdp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dsreg.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfps.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfmp4srcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msamrnbsource.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfasfsrcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfds.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msflacdecoder.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: avrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfmpeg2srcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfmkvsrcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfnetsrc.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfnetcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wininet.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: winhttp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mswsock.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: winnsi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.networking.backgroundtransfer.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dwmapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dnsapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: schannel.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.system.launcher.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ntasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ncrypt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rsaenh.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: gnsdk_fp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptowinrt.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\notepad.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: pilotshubapp.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: sharedlibrary.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: mrt100_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: ncrypt.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: mrt100_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: mrt100.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: ntasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: propsys.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: netutils.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: appxdeploymentclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.perception.stub.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: userenv.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: profext.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: flightsettings.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.web.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: wosc.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: updatepolicy.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: cabinet.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: policymanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: msvcp110_win.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: utcutil.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: fcon.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: vcruntime140_1_app.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: wpnapps.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\notepad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | File opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0046A020 LoadLibraryW,GetProcAddress,FreeLibrary,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetSysColor,SendMessageW,0_2_0046A020
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00494595 push ecx; ret 0_2_004945A8
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0047A1D0 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop,0_2_0047A1D0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004630C0 GetWindowLongW,GetWindowLongW,GetWindowLongW,__wcsnicmp,__wcsnicmp,__wcsicoll,SetWindowPos,__wcsicoll,__wcsicoll,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,EnableWindow,__wcsnicmp,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsnicmp,MulDiv,MulDiv,__wcsnicmp,MulDiv,MulDiv,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcstoi64,IsWindow,SetParent,SetWindowLongW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,0_2_004630C0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0047A090 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,0_2_0047A090
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00439180 GetForegroundWindow,IsWindowVisible,GetWindowThreadProcessId,IsZoomed,IsIconic,GetWindowLongW,GetModuleHandleW,GetProcAddress,0_2_00439180
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0046A240 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect,0_2_0046A240
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004663F0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus,0_2_004663F0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0043D4F0 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,_memset,EnumChildWindows,GetClassNameW,EnumChildWindows,0_2_0043D4F0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0043A490 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC,0_2_0043A490
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0043C660 SendMessageW,SendMessageW,SendMessageW,IsWindowVisible,ShowWindow,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,0_2_0043C660
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00477760 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,0_2_00477760
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004777C0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,0_2_004777C0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0043ACA0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyIcon,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free,0_2_0043ACA0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00452E00 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,0_2_00452E00
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0045FE30 MulDiv,MulDiv,MulDiv,_wcschr,__wcsicoll,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,_wcschr,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetWindowLongW,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,CreateWindowExW,CreateWindowExW,CreateWindowExW,CreateWindowExW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,SendMessageW,MulDiv,MulDiv,MulDiv,MoveWindow,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,SetWindowPos,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,0_2_0045FE30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: PilotshubApp.exe, 00000023.00000003.1976639336.0000024C36502000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1998568750.0000024C36602000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1968378518.0000024C36437000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <DETECTIONMATCH>WINDBG.EXE</DETECTIONMATCH>
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15257000.00000004.00000800.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15CA6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: WINDBG.EXE
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C14ED0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C2CED0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C14BE0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C2D5D0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C30590000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C2DFD0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C30580000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C34930000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C34960000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C34970000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35440000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35430000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35450000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35460000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35470000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35480000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35500000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35520000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35530000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35580000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C355B0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35F80000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35FA0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35FD0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C35FF0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C369C0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C369D0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C369E0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C369F0000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C36A00000 memory reserve | memory write watch
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Memory allocated: 24C36B10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | API coverage: 3.5 %
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 3540 | Thread sleep count: 320 > 30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 3540 | Thread sleep time: -27648000000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 1948 | Thread sleep count: 177 > 30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 3540 | Thread sleep time: -86399999s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 3540 | Thread sleep time: -86400000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000807
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00413B80 GetKeyboardLayout followed by cmp: cmp al, 19h and CTI: ja 00413C6Fh country: Russian (ru) 0_2_00413B80
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00406DD0 GetKeyboardLayout followed by cmp: cmp dword ptr [004cc1fch], ebx and CTI: je 00406F90h 0_2_00406DD0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00477170 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose,0_2_00477170
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00444070 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,0_2_00444070
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004770E0 FindFirstFileW,FindClose,GetFileAttributesW,0_2_004770E0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004443B0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_004443B0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004558D0 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose,0_2_004558D0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00472A90 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle,0_2_00472A90
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00454C60 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00454C60
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00443D90 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,0_2_00443D90
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00455E40 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00455E40
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0042DF00 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_0042DF00
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15257000.00000004.00000800.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15CA6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15C80000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: <categoryName>Hyper-V</categoryName>
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15257000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V`
Source: PilotshubApp.exe, 00000023.00000003.1976639336.0000024C36502000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1998568750.0000024C36602000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2488677893.0000024C36043000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1968378518.0000024C36437000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <displayFeature>Hyper-V</displayFeature>
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15487000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AContext[Hyper-V] Id[101] App[][] Running[False] EnumType[Unknown]
Source: Music.UI.exe, 00000019.00000002.2499170084.0000029842600000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2483301519.0000024C34B94000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0040F250 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId,0_2_0040F250
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004966B6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004966B6
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0046A020 LoadLibraryW,GetProcAddress,FreeLibrary,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetSysColor,SendMessageW,0_2_0046A020
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0049C54E __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_0049C54E
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004981F2 SetUnhandledExceptionFilter,0_2_004981F2
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004966B6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004966B6
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00493AA5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00493AA5
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00431310 __wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,_memset,CreateProcessW,CloseHandle,CloseHandle,GetLastError,_memset,__wcsicoll,_wcschr,SetCurrentDirectoryW,_wcschr,_wcschr,GetFileAttributesW,_wcschr,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetLastError,FormatMessageW,0_2_00431310
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00410DC0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,0_2_00410DC0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004122A0 mouse_event,0_2_004122A0
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: Program Manager
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: Shell_TrayWnd
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: Progman
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segoeuisl.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segoeuisl.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1746565210.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1751058011.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segoeuil.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1752440411.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1754427612.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1755637213.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Windows\Fonts\segoeuib.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1760302814.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1765400416.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1769806817.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1770584417.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1771016417.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1772571617.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1773090017.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1773349218.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1774645218.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1776718818.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1778101218.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1778619618.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1785186019.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1785877219.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1787259620.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1787950820.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1807131624.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1808168424.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1809291624.txt | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\DiagOutputDir | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\content | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\FHubMDL2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\FBHubApp_20250316T170018_6fd87231-b025-476e-8f0c-593c1e1793e8.log | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\content\QuestionsMapping.json | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\content\FeedbackCategories.json | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\content\_customSessionState.xml | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\drafts | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\content\AppInventory.json | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Windows\Fonts\segoeuisl.ttf | VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf | VolumeInformation
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004760E0 SystemTimeToFileTime,SystemTimeToFileTime,GetSystemTimeAsFileTime,FileTimeToLocalFileTime,SystemTimeToFileTime,GetSystemTimeAsFileTime,FileTimeToLocalFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z | 0_2_004760E0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00445C20 GetComputerNameW,GetUserNameW | 0_2_00445C20
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00414971 GetModuleHandleW,GetProcAddress,GetVersionExW,__snwprintf | 0_2_00414971
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15257000.00000004.00000800.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15CA6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: MSASCui.exe
Source: PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15257000.00000004.00000800.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000002.2471920947.0000024C15CA6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: msascui.exe
Source: PilotshubApp.exe, 00000023.00000003.1872806894.0000024C344BF000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1875911153.0000024C344CF000.00000004.00000020.00020000.00000000.sdmp, PilotshubApp.exe, 00000023.00000003.1875880503.0000024C344CB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \BullGuard Ltd\BullGuard\BullGuard.exe
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: WIN_XP
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.33.02\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003WIN_2000%04hX0x%Ix*pPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fCcFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfoGetProcessImageFileNameWpsapi
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: WIN_VISTA
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: WIN_7
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: WIN_8
Source: windows-7-ultimate-x64-sp1.iso.exe | Binary or memory string: WIN_8.1
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004175E0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain | 0_2_004175E0
Source: C:\Users\user\Desktop\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_00416D40 Shell_NotifyIconW,DeleteObject,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,_free,_free,_free | 0_2_00416D40
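The "Code function" lines above are raw API sequences per function; an analyst has to turn them into capabilities and, for a compiled AutoHotkey binary like this sample (the memory strings carry "1.1.33.02\AutoHotkey.exe" and "ahk_id"), separate what the interpreter always contains from what the embedded script does. The script below is an added example, not part of the Joe Sandbox report or Joe Security's tooling: it parses such evidence lines, maps API names to coarse capabilities, recognises the MSVC CRT failure-handler sequence in which IsDebuggerPresent appears, and flags the AutoHotkey runtime. The capability table, the boilerplate rule and the note texts are this example's own assumptions; the sample lines are constructed from the report's evidence (some API lists shortened).

```python
"""Triage helper for Joe Sandbox "Code function" evidence lines.

Added example, not part of the report above or of Joe Security's tooling. It
parses API-sequence lines like those in the report, maps API names to coarse
capabilities, spots the MSVC CRT failure-handler sequence that carries
IsDebuggerPresent, and flags the AutoHotkey runtime so that interpreter
features are not attributed to the embedded script. The capability table,
the boilerplate rule and the note texts are this example's own assumptions.
"""
import re

# Constructed from the report's evidence lines (some API lists shortened). Both
# the fused "exeCode function:" layout and a "|"-separated one are included
# because the parser has to tolerate either.
SAMPLE_LINES = [
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_004966B6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 0_2_004966B6",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exe | Code function: 0_2_0046A020 LoadLibraryW,GetProcAddress,FreeLibrary,SendMessageW,GetSysColor,SendMessageW | 0_2_0046A020",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_004966B6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004966B6",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_00493AA5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00493AA5",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_00431310 _memset,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetLastError,FormatMessageW,0_2_00431310",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_00410DC0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,BlockInput,0_2_00410DC0",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_004122A0 mouse_event,0_2_004122A0",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_00445C20 GetComputerNameW,GetUserNameW,0_2_00445C20",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_00414971 GetModuleHandleW,GetProcAddress,GetVersionExW,__snwprintf,0_2_00414971",
    "Source: C:\\Users\\user\\Desktop\\windows-7-ultimate-x64-sp1.iso.exeCode function: 0_2_004175E0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,0_2_004175E0",
    "Source: windows-7-ultimate-x64-sp1.iso.exeBinary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.33.02\\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XP",
]

# Any API in a set marks the function with that capability (example's own table).
CAPABILITIES = {
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "input-simulation": {"keybd_event", "mouse_event", "SendInput", "BlockInput", "SetKeyboardState"},
    "keystroke-state": {"GetAsyncKeyState", "GetKeyboardState", "GetKeyState"},
    "clipboard-monitor": {"AddClipboardFormatListener", "SetClipboardViewer"},
    "host-recon": {"GetComputerNameW", "GetUserNameW", "GetVersionExW"},
    "process-launch": {"CreateProcessW", "ShellExecuteExW"},
    "dynamic-api": {"LoadLibraryW", "GetModuleHandleW", "GetProcAddress"},
}

# MSVC CRT /GS failure handler (__report_gsfailure): IsDebuggerPresent in this
# sequence is compiler boilerplate, not an evasion check written by the author.
CRT_FAILURE_HANDLER = {"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"}

# Interpreter strings taken from the report's memory strings for this sample.
AHK_MARKERS = ("\\AutoHotkey.exe", "ahk_id", "A Goto/Gosub must not jump into a block")
AHK_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)\\AutoHotkey\.exe")
CODE_FUNC_RE = re.compile(r"Code function:\s*(\S+)\s+(.+?)\s*$")
STRING_RE = re.compile(r"Binary or memory string:\s*(.+?)\s*$")


def parse_code_function(line):
    """Return (function_id, [api, ...]) for a 'Code function' line, else None."""
    m = CODE_FUNC_RE.search(line)
    if not m:
        return None
    func_id, rest = m.group(1), m.group(2)
    # The report repeats the function id as a trailing column; drop it and blanks.
    apis = [t.strip() for t in re.split(r"[,|]", rest)]
    return func_id, [a for a in apis if a and a != func_id]


def classify(apis):
    """Capabilities implied by one function's API list."""
    seen = set(apis)
    return sorted(cap for cap, names in CAPABILITIES.items() if seen & names)


def triage(lines):
    """Summarise evidence lines: capabilities per function, CRT boilerplate, AHK runtime."""
    functions, strings = {}, []
    for line in lines:
        parsed = parse_code_function(line)
        if parsed:
            functions[parsed[0]] = parsed[1]  # duplicate evidence lines collapse here
            continue
        m = STRING_RE.search(line)
        if m:
            strings.append(m.group(1))
    caps = {}
    for func_id, apis in functions.items():
        for cap in classify(apis):
            caps.setdefault(cap, set()).add(func_id)
    boilerplate = sorted(f for f, apis in functions.items() if CRT_FAILURE_HANDLER <= set(apis))
    blob = "\n".join(strings)
    version = AHK_VERSION_RE.search(blob)
    ahk = any(marker in blob for marker in AHK_MARKERS)
    notes = []
    if boilerplate:
        notes.append("anti-debug hits in %s match the MSVC CRT failure handler; treat as "
                     "compiler boilerplate unless other checks appear" % ", ".join(boilerplate))
    if ahk:
        notes.append("AutoHotkey runtime present: keyboard/mouse simulation, BlockInput and clipboard "
                     "APIs are interpreter features; read the embedded script before attributing them")
    return {"functions": len(functions),
            "capabilities": {cap: sorted(ids) for cap, ids in caps.items()},
            "crt_boilerplate": boilerplate, "ahk_runtime": ahk,
            "ahk_version": version.group(1) if version else None, "notes": notes}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for cap, ids in sorted(result["capabilities"].items()):
        print("%-18s %s" % (cap, " ".join(ids)))
    for note in result["notes"]:
        print("NOTE:", note)
```

Run as a script it prints one line per capability with the functions that carry it, then the two notes. The point for triage: the keyboard hook, keybd_event, BlockInput and clipboard-listener APIs are part of the AutoHotkey interpreter whatever the script does, so the signatures above describe the runtime's capabilities, and the verdict depends on the script Ahk2Exe stores as a resource inside the executable. Likewise the IsDebuggerPresent sequence at 0_2_004966B6 is the compiler's security-cookie failure path, not an author-written anti-debugging check.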
MITRE ATT&CK Matrix

One line per tactic. A number in parentheses is the signature hit count the report prints next to that technique, copied as printed (e.g. 221, 141); only techniques with a number were matched, the others are the matrix's unmatched cells.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (1); Command and Scripting Interpreter (2); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Access Token Manipulation (1); Process Injection (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (3); Access Token Manipulation (1); Process Injection (2); HTML Smuggling
Credential Access: Input Capture (221); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (1); Account Discovery (1); File and Directory Discovery (1); System Information Discovery (44); Security Software Discovery (141); Virtualization/Sandbox Evasion (3); Process Discovery (2); Application Window Discovery (1); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Screen Capture (1); Input Capture (221); Clipboard Data (3); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

This section contains all screenshots as thumbnails, including those not shown in the slideshow.