hxxps://drive[.]google[.]com/file/d/1QZ_Rg3F86IMegIqq7USx2kzaeAf_AhXl/view?usp=sharing

Resubmissions

26-09-2024 09:32

240926-lh4pmszarq 7

26-09-2024 09:26

240926-leh9jasdjf 7

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1QZ_Rg3F86IMegIqq7USx2kzaeAf_AhXl/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3124	Microsoft.Rewards.Xbox.exe

Loads dropped DLL 2 IoCs

pid	Process
3124	Microsoft.Rewards.Xbox.exe
3124	Microsoft.Rewards.Xbox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039570b57fe416e4dbccca910bc3eabbd000000000200000000001066000000010000200000003b2ed16730aa38dcdfe9ede20a829a70779023f7be1bb02a62c91b6897fc0779000000000e8000000002000020000000e87c03c3a6ae73fb68167fafc7f4b0e47b1b9979322c6a476df6f83183fa49d420000000cc2f91fbd3900d1d5e06c968b9611a7365f43c09a9d10b6907aedfb0d7dab32d40000000f5b43de396d3dc0e1c0617b1382ff6753871af2910daed3e1424e3d9cbdac6dd88601ec2af717434df5abc46b97f690f283a24e6b5c7a127f0ebe45c32aa2a6f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{71A28356-7BEA-11EF-98CC-FA5B96DB06CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1174302006"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31133687"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31133687"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1174302006"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0edd446f70fdb01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f032d046f70fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039570b57fe416e4dbccca910bc3eabbd000000000200000000001066000000010000200000006267515032b637ed6a0037a84ce91981f1f847559be365c1e066dbe149a65b29000000000e8000000002000020000000f31b283dd39d57d787ccb0112cbff326391aa04e9d84fefd3dcec72d8ac6f5a3200000000278c1b4743ae57c32cb40a422d73772f7f074ac2d17edb891c7e2ebbf6af43f40000000ed6b1ce684dfdd89ded9f2b6ec268454eee1084f89218c788fb90af2558d8f19c9b617ba5291348bd30aebe3d7f36d2a8d1bacd92c5b25e0ffa8bae1ecef82ff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
2588	msedge.exe
2588	msedge.exe
4428	identity_helper.exe
4428	identity_helper.exe
4552	msedge.exe
4552	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4440	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeRestorePrivilege	116	7zG.exe
Token: 35	116	7zG.exe
Token: SeSecurityPrivilege	116	7zG.exe
Token: SeSecurityPrivilege	116	7zG.exe
Token: SeRestorePrivilege	1068	7zG.exe
Token: 35	1068	7zG.exe
Token: SeSecurityPrivilege	1068	7zG.exe
Token: SeSecurityPrivilege	1068	7zG.exe
Token: SeRestorePrivilege	4440	7zG.exe
Token: 35	4440	7zG.exe
Token: SeSecurityPrivilege	4440	7zG.exe
Token: SeSecurityPrivilege	4440	7zG.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
116	7zG.exe
1068	7zG.exe
4440	7zG.exe
4440	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
540	OpenWith.exe
1560	IEXPLORE.EXE
1560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 1916	2588	msedge.exe	82
PID 2588 wrote to memory of 1916	2588	msedge.exe	82
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4128	2588	msedge.exe	83
PID 2588 wrote to memory of 4772	2588	msedge.exe	84
PID 2588 wrote to memory of 4772	2588	msedge.exe	84
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85
PID 2588 wrote to memory of 3304	2588	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1QZ_Rg3F86IMegIqq7USx2kzaeAf_AhXl/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13014625273366313244,11877169546969272348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17053:108:7zEvent25701
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:116

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\AppxMetadata\AppxBundleManifest.xml"
1⤵
PID:4664
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\AppxMetadata\AppxBundleManifest.xml
  2⤵
  - Modifies Internet Explorer settings
  PID:3792
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3792 CREDAT:17410 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1560

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MicrosoftRewards\" -ad -an -ai#7zMap20237:108:7zEvent27683
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1068

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MicrosoftRewards\*\" -ad -an -ai#7zMap11328:2272:7zEvent8668
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4440

C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64\Microsoft.Rewards.Xbox.exe
"C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64\Microsoft.Rewards.Xbox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
46c10b2102712eb1794e7f3fcf3e479e

SHA1
99746d8e6e018dd83161075fdfd2c17e4455cd0e

SHA256
1d8e28951868bbe9176c23e190bef3a25085c11971f76ecc83fde2dfab999b18

SHA512
bb7cf453156e9d7d98409fa027593b3f31a62c6171e50a533b130f37a563ad6d99e38ef16a4862dbf00dda359ed1131927c880c4f264c9dd579f3c38a8e4c78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
205ea9f3f840772c54ff4f5a7b6cf0c7

SHA1
7759870316c9e9c3c4c68505d32b82918567bba9

SHA256
ac6c06fe97c28c165ae1309f5e47ff43dfe5640240b3f67e2a9eaff4cdf4f1ba

SHA512
38450a864ffdcf3eb1268ff4f7f15bd7fdb654f366afeee302fdec33a9aa595842dc07e82fa9ebc7f2f2800bb3ebbc541c4997f21d22561df207d6210db95ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc57b6d002498dec2ead52de9aae4e76

SHA1
ba584e970c7a42194201f65c6567faa5eda8d4be

SHA256
39dc9f7c19847a9193026d2652541eeb08b8d6905870308725542a2f43cd28e1

SHA512
595234688ec6f8d3ef2ac4edd71f02fc48bdcc1798600bc2c970c666ef2b86c4d54df579aaa74009a66712dee3b831123ba85e2ce258d3daa0ec9e0230e36543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2848878c6a955aeebc2a4017fe9d63e2

SHA1
fb24abcf798a510a6b2c034cf3e85fb05c1e0d6b

SHA256
32744a6b02ad216db5424babfed1a95a3cb1dab407bab8a7aaf00f241bcd5d28

SHA512
a16248de77b609dd5cd6a7c797590376d7d60dd9355d5f5fa0a78bdd794bfc75cd88a387c5bbedc93522b4593c23af1edba99fa8a80a193cdd2ad9034c421792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac152ef037be96d7d371d24a2f840121

SHA1
233393e5288ca2d89fe355063e87f7158af5b786

SHA256
9e38904dfe9cdda30aa80ca8a946eb8eb95212d54d74ab0ef761943d63e2633b

SHA512
e2969862aa2672310480a05dc01c5f31f7d749475e57b7327fe3796e88a1239e39a2df8f1f173b11be7fb9a869b60bb2a76487a311bed22268925b3233edf369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
301314b092f6d9f075328e3a96156336

SHA1
b5c5a86fac6a0497ddc4f0f2324c97f948d2e9f8

SHA256
49df54e82ae6df02e71c7c52cd0333253c0840ae2bc28e199af9b6056a414ef5

SHA512
c3006ce4958a644f44741f31be9f219e77d404700e12c14178d758a444444bd08427e5ecd14233aeb8c1c5c277f032208e9d784d81c0abf7f25d65ba2c32e123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c62e.TMP

Filesize
1KB

MD5
58dd7ec9db2443d1372eb9af43177391

SHA1
10213795841f5df66b504baf5bfbfe8e6a2e5c13

SHA256
f266b118d05ca2c4ed299325efdeab5fefb9e16f4eb68c163c33165d2f353b84

SHA512
66d8a9c9569a344ffd85c9710a3e1621c4fd95d674c793d7a6572e4eecf1dc31ecdfaebd89665381eb47aaab8243e604b104bd6b22dba63f131b5ee746d0ae48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8e30a35-8bcf-482c-ac64-77961009656a.tmp

Filesize
1KB

MD5
dfa58113b5d601766f21ac8d66a0056c

SHA1
0f8144f20d055a2c65eec6b0302a8e2a9cda9fa7

SHA256
b183e8177239043e10ca5b16558137a4ce0ef4efc517c23b345274cb40b287dc

SHA512
eba10952b93fd8a3fcb62393e890115e1361c64d330a373b9562f31db973bea711974f5ce89199c60b8fbe29e24c0aafe278d48e340a3bca90274f7815083eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51d8747677e0d4c2c7e3921670eb163b

SHA1
6ee3b5eecbbcfebd0b8f87883ae5bbab574c0651

SHA256
ed3a31e722babef370c15cb163dd2049541ff59a69beaf15501151cbc198a17b

SHA512
db857a2ff55442c59976111308ce625b7a86e879dd3464ec97f9a3aa504c5544e2c43a0153b7ec80ab2a88860a79d0e8a78e9a8d8c17c9888a56b9f591ced454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ecc7a700d1898e3687fe0ff25ce88b4b

SHA1
0cf1e28bb017fbc964c4de91b4e0b6a9ac50936a

SHA256
cd699c1a3b5729b84303652495fb87831a4ff2ecf1691fe95d23b04b21d6c918

SHA512
485081fcc464a4f8330404504f0c7c312a3067faac6abf8dc27839d08c9b341a06f679e1a30e13efc85403dba15de963aadbca8106ba1dc724aa2c80ac33af79

Download Submit
C:\Users\Admin\Downloads\AppxMetadata\AppxBundleManifest.xml

Filesize
3KB

MD5
6d3c3dba703f5ad720166e908d4dd749

SHA1
056a7c4a1a6fb953fe127035ec0cb8fe25410377

SHA256
fd6f22c0f309899d6d5982884b05285a257c53cd39416180dc53ee6d599f7794

SHA512
307e48be49a8df5cd3c2f64289767be82126fb7c3ae6367dfda233d6df4a78f2b3ed9bff5ee47d640835579d54a2d5cb5f2e4ed2b648801dd30b63337b8cba13

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards.appxbundle

Filesize
12.2MB

MD5
b1569ce52611781b94f19249c7140a38

SHA1
8750ce4953bf5b9dcbca96d9196f332ade76b33f

SHA256
718e02582ce42327caa9c504839953361538838b0537f98031e1e58143bae30d

SHA512
91283588c9de60893ee00395acc66022b3267ab796333698ab09972fc2345dc0585e36d0e51a14d7543a3df076aa60c99941e948e39e6fafa9f049bc29cddcdd

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\AppxSignature.p7x

Filesize
10KB

MD5
a284f4b1cea5b121aa162e710e848571

SHA1
d981c9c34bdb8cb06952dfba9573aa8caf6bb0e4

SHA256
6c6e80e7dd165ff63acc42b53468e489c7a16beb520cea881a7d81a5e4b84f97

SHA512
4446c8150303640661da300e072725d5cf902634118bce628c1ac2cbe71949b869619f56d6726c3b355daec3c25182a9e228b0c2917470a45ce2559473543078

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-de.appx

Filesize
10KB

MD5
d01ccfab6c13fe5988c08a26aeac1dba

SHA1
9ef2391f9e00cd143de80dc7154dd46a3913aacf

SHA256
938a89fe3520a267a1d3678070af2c55afe9745cfe64dac8fff977eb9eff9571

SHA512
cfc3d8aa0f687f52e5494815ad960edacbedb16ab64cffdfab5f5460400c59b7a31e2a507e5ee04080f42bc2a8dabc22469e0a898b89be0139a795192b28f0c0

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-es.appx

Filesize
10KB

MD5
5692473925897c8ff25114653d8d745c

SHA1
edd7e42eaa2950d23bdf53e4cbab1bfd1c7e286e

SHA256
5ef19e73e9287c3c8c8455191c239e4f7b848871c89c02629e48ee255060b0e9

SHA512
80c24601121c378af03b824aa17153b68854a2fffda6288138fc7cbc9e40f99e780101950d1cd9dbcab86a760c68478be11bb3136c801a22300ab97c73415799

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-fr.appx

Filesize
10KB

MD5
824c49555cffc72bebe69583623cd129

SHA1
48c5fc9f62cb1d4fe9cf5a1a14509c334941b3a9

SHA256
6bb017e720e1f5f28f21cbdef69277ec7148c42a345b9eadf573f599ba459f0b

SHA512
694a20302225156bc513d6bd8a7a6a710bb4e9ff7a3f756cee40b25818c16b021c6145190ff9bb97e88c6792efec2a5a76e268be6e7ec7706fa7d879791b3928

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-fr\[Content_Types].xml

Filesize
463B

MD5
a0169694a1990f8a2f5b425f6db7e2e4

SHA1
e6f25a2329e71375cc1b73550f78f725b59dc61e

SHA256
ca8d8e50fdc3f2addfa153b4bf079b2887d3a15c835400d7ca2ace28a9468309

SHA512
4e28b8f168a4e76d3469b5a600b42809ce0bdfa6624ab8e9a83a59940d1a4d8ca2e786067291b630d05e77c1f31d5244166412947b6692096b9b85d3d87e6ee4

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-it.appx

Filesize
10KB

MD5
e180e25bebe9e08a04ed7c8e4432fb4f

SHA1
8ca5dc58a994c43b6df35f8b5213f2e7adb15eb4

SHA256
646eb9ee1fb11853c69e682cb8bbe5c6d3b65e3221140c9fe7f9a5477528e6ae

SHA512
cec26266eeb1355591b5f5dfe781d1c4e67201f2c36e6511e505a0984e4f8d573cc57de7dd81aa16621d55e06f8d4f32997c1bf26a7a6136dbc7947805abfca8

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-ja.appx

Filesize
10KB

MD5
11b7693c6a9392e9afb2d92084cafa97

SHA1
2646db52dbe5f77455f2a3988a8578e6aa5e13de

SHA256
d9accb277809e048f1fc939b051608be598d442d0d9cff84a7a3a0b934c9e3a1

SHA512
5ae791c49be7a27e5c68fd2c21ddc0ccdc548e93464cf21da85f4b4430f76ba04bbe37dae1e0b05b7a3f4d7c97577d20411a45b3e8a46bf5415731661b9c71d1

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-nb.appx

Filesize
9KB

MD5
5e78323f4938991c4547868111e67782

SHA1
595d9d1f3cb02ae9543ce2c4554ba98e0c721f2d

SHA256
8de9d5dcc2a32bbb282a6fa17af432a575083659bfc901deff910d53a7ddcb61

SHA512
bc928636a0e50a5c7062c24c09daa5b0c4d33000d64bbefa3bccbc55796bde0d009d195bb3c1d443e36cd48ffffa13c07c7f9aace58d3ad9a4fd80bd66b8ccc5

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-nl.appx

Filesize
9KB

MD5
27a687137c4f75a18d3c422a36aa6cf4

SHA1
c551b8c467fdb84459b203020604b3c16ad538a6

SHA256
80e6e6dcf2645f58a9debc21dfbec09d8bd070e136dd64628ebfffbba9715104

SHA512
2d9f9425ba1a497176d65316bea30f1e565df27313537b997fedc0fef607e9f83be464ae13c94a1507f76ddb111a31dfe4e8708a7cc2b4960bc40add759c5314

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-pt.appx

Filesize
10KB

MD5
54d905e8e77f15ad3a4789b6d26a50d1

SHA1
1c113d9d327bc8ef2f7c79d1c240f3f8caa143ec

SHA256
db07e87b156146e3f89e3055fde697a34da1bc09e11c77c48b68354c56a97b30

SHA512
abaf14b08862d62d1cd2d6c22cb28f5cbdf23eaebb4f0d61e41eaecb8bc1f4a934b937b3e6aabbc17194ef268590141243218549882ad4be31b83149981cb960

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-sv.appx

Filesize
9KB

MD5
7b41c4eef7cffc2417333f57b401e451

SHA1
fb7b4889a45b2815401b4a56f64eb8a893250361

SHA256
f174931221afdeb17e02c3ddd1dff08f3dec5078cd6d68287fbc4f0ba08ef08b

SHA512
651ff7ed342a969fa4005f879675bfb22b65a4d582ada463b9b06045f5110e67050326fe4ab1a17c90679f0db57e9b4a6b5416c530be10e3aaa8c8496c6b082c

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_language-zh-hant.appx

Filesize
10KB

MD5
37c0bcaf7665d9e8ff3c5f8371e81468

SHA1
9f4f85c8672cae3df1884e165228fc0f35dc8137

SHA256
7d873d056c9d6a4a2435adb2dc2d0ad7bacacad2c779bf316ed5499ee6a1db40

SHA512
4b2faa0c6de5c42f2c0ea27ece40c7b497a36af2dd2273eaf1798e5756acfb3c267a128d3619f3bd9ea1a0c227b2623f6ffe3aa164dc7e0f48ba729b86d2d4d5

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_scale-100.appx

Filesize
14KB

MD5
4d0e6f526f89ac4da65cd9e69b98ca88

SHA1
5ee37153cfaa83b9fac4f0d6faa3931d44664192

SHA256
f7620a9cd616d85a782b7db8279f7af5b5877a0057b61c750a56b7a8cce05532

SHA512
1f01988f5b858471a694e76137c307029a6e18ab34ae979ab2e9b23e009c9dd95c3483c8817ed8607402155fa36b1d78b6f544ebd48b548d5ce9b7c1f8db675a

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64.appx

Filesize
12.1MB

MD5
dc5a65d667264a697d86fb03194e542f

SHA1
34a0aefd40dc0f7cf9e2024237f4b58f96b1cb80

SHA256
1d98a084a9bf5e4c476ad8adc26bb04b55c79d3ccb9b5d76f676fff3573ff1c2

SHA512
0e285fce4e9a4a46e59b446a03bba8ad69118b1c646e8e3323f6a49788408eae6a674cbb7abe5ef6c3c2d5d436aae2bb89b90f96a63eb5652a0545143077845e

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64\Microsoft.Rewards.Xbox.dll

Filesize
30.3MB

MD5
b4ca1513bcc270298cb20645dace9440

SHA1
88c0cac37710383df8105f67ce13085da9cf5736

SHA256
ea7fe2cde3050006f78e7abad0c7a74f13875769595feceb721ef17ac0a22a1d

SHA512
dc51aa442365abd2801fed0c1f4dc5647c1891955a9b445b69c45be6358b4aa9befc2d188e0ec328746add9626ec7b98a58cfbfec7ed1384cf841793e991784c

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64\Microsoft.Rewards.Xbox.exe

Filesize
20KB

MD5
43c5816b979e144fc180d9b22162cc26

SHA1
5c598f09ab4831f3c8fbe507bde7cb28184adb8e

SHA256
e10f859f600a7b97ea71cad18673dd265d6569d00f9e1ca4820b3dffe3456bbf

SHA512
53a18d94cfcafa735bc5d1436965a0d30b06c002c54efed2e564849e1a56d292fbb97b98f19b72a14941f9a42bc145880032141be44cda5ecc49de84393511f5

Download Submit
C:\Users\Admin\Downloads\MicrosoftRewards\Microsoft.Rewards.Xbox_1.1.1.0_x64\clrcompression.dll

Filesize
68KB

MD5
6a865230271b0d17b4cfcb90da554ccc

SHA1
66933208b5e7278e3a9d8c7c9ddbea1d17a05284

SHA256
7b302a742fa61755ba5380b80d7c8cc32c5e6d0faa48f3d27dc6ef289a6c0f70

SHA512
5c6f294add64139a373dd22c0309ae4bd0a4ae1b3e4ff4f8627af615ae92a13efb48c53df7ba64393708697b2bb328084361b6570d577732f0e6c1121aa7221a

Download Submit
memory/4664-259-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-261-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-264-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-262-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-263-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-258-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-256-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-257-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download
memory/4664-255-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

Filesize
64KB

Download