a6b304da706f65520019273d5f35dc9ede582febfe9e9a1d87c482eb46433256

Analysis

max time kernel
68s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2025, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
Size

1.0MB
MD5

7e81e8492efb9fc3c9659110dc086afe
SHA1

7fa61b56f596e96db069874559f2c295615397f6
SHA256

5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714
SHA512

d9e6336e5d22e6b7360118f40d8badc5d8390faa40c0bcd1c59ef1fd4a5d993acd59512b1d3cf5c0b8851dd1c59f055d6bf25b5ec1d3f9fcd6a0ea323e575390
SSDEEP

24576:H8RhrEtJNzrcPxtakUuy5OKwId/mz6tXn/xfg1drcUl4lbHK3:c6zrc/atMK1dfHy/kbHi

Score

7^/10

bootkit discovery persistence privilege_escalation upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral23/files/0x0007000000024237-24.dat	acprotect

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	openvi.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
4488	openvi.exe
4604	openvi.exe
4772	appupdater.exe
4896	openvi.exe
4316	openvi.exe
1124	openvi.exe
2636	openvi.exe
4808	appupdater.exe
5136	openvi.exe
464	openvi.exe
5636	appupdater.exe
4660	openvi.exe
1096	openvi.exe
2560	openvi.exe
2460	appupdater.exe
1348	openvi.exe
4752	openvi.exe
4600	appupdater.exe
1080	openvi.exe
6056	openvi.exe
5084	appupdater.exe
3940	openvi.exe
2352	openvi.exe
3516	appupdater.exe
6472	openvi.exe
6744	openvi.exe
6760	appupdater.exe
6248	openvi.exe
6712	openvi.exe
7088	openvi.exe
7132	appupdater.exe
6952	openvi.exe
6296	openvi.exe
7144	openvi.exe
6492	appupdater.exe
2024	openvi.exe
6980	appupdater.exe
2376	openvi.exe
2024	openvi.exe
6440	appupdater.exe
7444	openvi.exe
7856	openvi.exe
8068	openvi.exe
8084	appupdater.exe
6688	openvi.exe
7916	openvi.exe
7920	appupdater.exe
4516	openvi.exe
7448	openvi.exe
7452	appupdater.exe
7296	openvi.exe
7944	openvi.exe
7832	openvi.exe
7676	appupdater.exe
8124	openvi.exe
7488	openvi.exe
7780	appupdater.exe
7788	openvi.exe
8312	openvi.exe
8328	appupdater.exe
8792	openvi.exe
9064	openvi.exe
9080	appupdater.exe
8476	openvi.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
4604	openvi.exe
4604	openvi.exe
4488	openvi.exe
4488	openvi.exe
4488	openvi.exe
4488	openvi.exe
4896	openvi.exe
4896	openvi.exe
4896	openvi.exe
4896	openvi.exe
4316	openvi.exe
4316	openvi.exe
4316	openvi.exe
4316	openvi.exe
1124	openvi.exe
1124	openvi.exe
1124	openvi.exe
1124	openvi.exe
2636	openvi.exe
2636	openvi.exe
2636	openvi.exe
2636	openvi.exe
5136	openvi.exe
5136	openvi.exe
5136	openvi.exe
5136	openvi.exe
464	openvi.exe
464	openvi.exe
464	openvi.exe
464	openvi.exe
4660	openvi.exe
4660	openvi.exe
4660	openvi.exe
4660	openvi.exe
1096	openvi.exe
1096	openvi.exe
1096	openvi.exe
1096	openvi.exe
2560	openvi.exe
2560	openvi.exe
2560	openvi.exe
2560	openvi.exe
1348	openvi.exe
1348	openvi.exe
1348	openvi.exe
1348	openvi.exe
4752	openvi.exe
4752	openvi.exe
4752	openvi.exe
4752	openvi.exe
1080	openvi.exe
1080	openvi.exe
1080	openvi.exe
1080	openvi.exe
6056	openvi.exe
6056	openvi.exe
6056	openvi.exe
6056	openvi.exe
3940	openvi.exe
3940	openvi.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral23/memory/2956-28-0x0000000074FC0000-0x0000000074FCA000-memory.dmp	upx
behavioral23/files/0x0007000000024237-24.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
15056	3756	WerFault.exe	528

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\ShellEx\DragDropHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\.nvi\ = "nvifile"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\Background\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\DragDropHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Folder\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\shell\open\command	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\openvi.exe\" -nvi \"%1\""	openvi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\Background\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi64.dll"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\DragDropHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi64.dll"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\DragDropHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\DragDropHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\nvifile\DefaultIcon	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\.nvi\ = "nvifile"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\*\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 4488	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	87
PID 2956 wrote to memory of 4488	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	87
PID 2956 wrote to memory of 4488	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	87
PID 2956 wrote to memory of 4604	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	88
PID 2956 wrote to memory of 4604	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	88
PID 2956 wrote to memory of 4604	2956	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	88
PID 4604 wrote to memory of 4772	4604	openvi.exe	89
PID 4604 wrote to memory of 4772	4604	openvi.exe	89
PID 4604 wrote to memory of 4772	4604	openvi.exe	89
PID 4488 wrote to memory of 5504	4488	openvi.exe	91
PID 4488 wrote to memory of 5504	4488	openvi.exe	91
PID 5504 wrote to memory of 1812	5504	msedge.exe	93
PID 5504 wrote to memory of 1812	5504	msedge.exe	93
PID 5504 wrote to memory of 1972	5504	msedge.exe	94
PID 5504 wrote to memory of 1972	5504	msedge.exe	94
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95
PID 5504 wrote to memory of 3276	5504	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
"C:\Users\Admin\AppData\Local\Temp\5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
  "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x33c,0x7ffa8539f208,0x7ffa8539f214,0x7ffa8539f220
      4⤵
      PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
      4⤵
      PID:1972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2200,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:3276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:8
      4⤵
      PID:3700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:5560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1
      4⤵
      PID:3648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4972,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
      4⤵
      PID:468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4816,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:1
      4⤵
      PID:1404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5176,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5568,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      PID:3444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=3432,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1
      4⤵
      PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5432,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:1
      4⤵
      PID:4556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6036,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1
      4⤵
      PID:2016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5744,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1
      4⤵
      PID:3104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6392,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:1
      4⤵
      PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6552,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:1
      4⤵
      PID:2372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6912,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:1
      4⤵
      PID:1092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=7176,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:1
      4⤵
      PID:2000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7440,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7372,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:1
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7596,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=7904 /prefetch:1
      4⤵
      PID:6328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=8148,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:1
      4⤵
      PID:6596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=8268,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8384 /prefetch:1
      4⤵
      PID:7068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=8640,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8608 /prefetch:1
      4⤵
      PID:6452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=8416,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:1
      4⤵
      PID:6956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=9224,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=9244 /prefetch:1
      4⤵
      PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=9332,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=9412 /prefetch:1
      4⤵
      PID:6560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=9656,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=9676 /prefetch:1
      4⤵
      PID:6912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=9920,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=9940 /prefetch:1
      4⤵
      PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=9792,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=10184 /prefetch:1
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=10424,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=10440 /prefetch:1
      4⤵
      PID:6584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=10772,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=10792 /prefetch:1
      4⤵
      PID:7260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=11020,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=11032 /prefetch:1
      4⤵
      PID:7624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=11276,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=11296 /prefetch:1
      4⤵
      PID:7928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=11532,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=11540 /prefetch:1
      4⤵
      PID:7300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=11792,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=11828 /prefetch:1
      4⤵
      PID:7712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=12052,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=12080 /prefetch:1
      4⤵
      PID:2352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=12328,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=12332 /prefetch:1
      4⤵
      PID:1048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=12324,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=12592 /prefetch:1
      4⤵
      PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=12928,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=12936 /prefetch:1
      4⤵
      PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=13104,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=13072 /prefetch:1
      4⤵
      PID:7876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=13444,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=13452 /prefetch:1
      4⤵
      PID:4412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=13344,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=13600 /prefetch:1
      4⤵
      PID:7908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=13996,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=13880 /prefetch:1
      4⤵
      PID:2784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=14304,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=14316 /prefetch:1
      4⤵
      PID:612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=14188,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=14176 /prefetch:1
      4⤵
      PID:8644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=14572,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=14632 /prefetch:1
      4⤵
      PID:8928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=14616,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=15100 /prefetch:1
      4⤵
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=15344,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=15208 /prefetch:1
      4⤵
      PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=15676,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=15692 /prefetch:1
      4⤵
      PID:2924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=15504,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=15844 /prefetch:1
      4⤵
      PID:9128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=16112,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=16008 /prefetch:1
      4⤵
      PID:8480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=16372,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=16256 /prefetch:1
      4⤵
      PID:8584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=16604,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=16592 /prefetch:1
      4⤵
      PID:8732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=16136,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=16828 /prefetch:1
      4⤵
      PID:8284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=17036,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=17068 /prefetch:1
      4⤵
      PID:8804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=17296,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=17280 /prefetch:1
      4⤵
      PID:8512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=17456,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=17592 /prefetch:1
      4⤵
      PID:9332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=17864,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=17896 /prefetch:1
      4⤵
      PID:9604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=18052,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18060 /prefetch:8
      4⤵
      PID:9696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=18044,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18084 /prefetch:8
      4⤵
      PID:9704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=17868,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18140 /prefetch:8
      4⤵
      PID:9712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=18144,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18060 /prefetch:1
      4⤵
      PID:10092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=18352,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18392 /prefetch:1
      4⤵
      PID:9356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=18356,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18536 /prefetch:1
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=18848,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18876 /prefetch:1
      4⤵
      PID:9432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=19092,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=19120 /prefetch:1
      4⤵
      PID:10024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=19352,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=19372 /prefetch:1
      4⤵
      PID:9664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=19636,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=19660 /prefetch:1
      4⤵
      PID:10124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=19880,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=19912 /prefetch:1
      4⤵
      PID:9376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=20116,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=20156 /prefetch:1
      4⤵
      PID:9596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=20372,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=20388 /prefetch:1
      4⤵
      PID:9620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=20572,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=20368 /prefetch:1
      4⤵
      PID:9468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=20880,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=20916 /prefetch:1
      4⤵
      PID:9224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=21124,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=21152 /prefetch:1
      4⤵
      PID:10728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=21384,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=21400 /prefetch:1
      4⤵
      PID:10992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=21636,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=21652 /prefetch:1
      4⤵
      PID:9924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=21908,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=21904 /prefetch:1
      4⤵
      PID:10828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=22168,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=22148 /prefetch:1
      4⤵
      PID:7444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=22420,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=22324 /prefetch:1
      4⤵
      PID:10984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=22412,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=22648 /prefetch:1
      4⤵
      PID:10332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=22896,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=22836 /prefetch:1
      4⤵
      PID:10440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=23236,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=23244 /prefetch:1
      4⤵
      PID:10968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=23528,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=23420 /prefetch:1
      4⤵
      PID:10636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=23656,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=23532 /prefetch:1
      4⤵
      PID:10424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=14460,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=23940 /prefetch:1
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=24192,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=24076 /prefetch:1
      4⤵
      PID:11408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=24424,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=24448 /prefetch:1
      4⤵
      PID:11812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=24676,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=24724 /prefetch:1
      4⤵
      PID:12272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=24732,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=24936 /prefetch:1
      4⤵
      PID:11544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=25184,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=25192 /prefetch:1
      4⤵
      PID:11080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --always-read-main-dll --field-trial-handle=25428,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=25460 /prefetch:1
      4⤵
      PID:11564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=25700,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=25592 /prefetch:1
      4⤵
      PID:8120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=25860,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=25984 /prefetch:1
      4⤵
      PID:12156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=25512,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=25844 /prefetch:1
      4⤵
      PID:12076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=26296,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=26252 /prefetch:1
      4⤵
      PID:12060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --always-read-main-dll --field-trial-handle=26272,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=26640 /prefetch:1
      4⤵
      PID:12372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=26876,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=26648 /prefetch:1
      4⤵
      PID:12668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=27140,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=27020 /prefetch:1
      4⤵
      PID:13152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --always-read-main-dll --field-trial-handle=27396,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=27160 /prefetch:1
      4⤵
      PID:11616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=27532,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=27276 /prefetch:1
      4⤵
      PID:12716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=27884,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=27284 /prefetch:1
      4⤵
      PID:13008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=28136,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=28152 /prefetch:1
      4⤵
      PID:12736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=28384,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=28408 /prefetch:1
      4⤵
      PID:12848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --always-read-main-dll --field-trial-handle=28628,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=28636 /prefetch:1
      4⤵
      PID:12808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --always-read-main-dll --field-trial-handle=28940,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=28960 /prefetch:1
      4⤵
      PID:13308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --always-read-main-dll --field-trial-handle=28812,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=28548 /prefetch:1
      4⤵
      PID:12744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=28796,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=29388 /prefetch:1
      4⤵
      PID:12800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --always-read-main-dll --field-trial-handle=29656,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=29588 /prefetch:1
      4⤵
      PID:13160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --always-read-main-dll --field-trial-handle=29904,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=29924 /prefetch:1
      4⤵
      PID:13324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --always-read-main-dll --field-trial-handle=29816,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=30228 /prefetch:1
      4⤵
      PID:13864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30464,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=30532 /prefetch:8
      4⤵
      PID:13972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30472,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=30544 /prefetch:8
      4⤵
      PID:13980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30868,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=30892 /prefetch:8
      4⤵
      PID:13988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31128,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=31136 /prefetch:8
      4⤵
      PID:14112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --always-read-main-dll --field-trial-handle=31464,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=31472 /prefetch:1
      4⤵
      PID:13336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --always-read-main-dll --field-trial-handle=31236,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=31224 /prefetch:1
      4⤵
      PID:13848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31452,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32012 /prefetch:8
      4⤵
      PID:13496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31452,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32012 /prefetch:8
      4⤵
      PID:4200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=32236,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32260 /prefetch:1
      4⤵
      PID:14292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --always-read-main-dll --field-trial-handle=32500,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32540 /prefetch:1
      4⤵
      PID:12248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --always-read-main-dll --field-trial-handle=32864,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32876 /prefetch:1
      4⤵
      PID:13660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --always-read-main-dll --field-trial-handle=29968,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=18804 /prefetch:1
      4⤵
      PID:14168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --always-read-main-dll --field-trial-handle=8356,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=1388 /prefetch:1
      4⤵
      PID:14276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=33080,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8352 /prefetch:8
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --always-read-main-dll --field-trial-handle=33172,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=31652 /prefetch:1
      4⤵
      PID:8288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --always-read-main-dll --field-trial-handle=31828,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=31328 /prefetch:1
      4⤵
      PID:5636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=29368,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=33132 /prefetch:8
      4⤵
      PID:14228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --always-read-main-dll --field-trial-handle=33400,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=30296 /prefetch:1
      4⤵
      PID:15128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --always-read-main-dll --field-trial-handle=33556,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=33440 /prefetch:1
      4⤵
      PID:14552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --always-read-main-dll --field-trial-handle=29336,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=33616 /prefetch:1
      4⤵
      PID:8444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --always-read-main-dll --field-trial-handle=33676,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=33712 /prefetch:1
      4⤵
      PID:14344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --always-read-main-dll --field-trial-handle=8444,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:1
      4⤵
      PID:14900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --always-read-main-dll --field-trial-handle=32700,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=32472 /prefetch:1
      4⤵
      PID:14736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --always-read-main-dll --field-trial-handle=32720,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=29080 /prefetch:1
      4⤵
      PID:11152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4164,i,14118573083754556799,16570465180832808656,262144 --variations-seed-version --mojo-platform-channel-handle=3672 /prefetch:2
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
    "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Modifies registry class
    PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
      4⤵
      PID:728
  - - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
      "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      PID:4316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:1124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        
        PID:1096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        11⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        12⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        13⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        14⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:1080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        15⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        16⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        17⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        18⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        18⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        19⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        19⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        20⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:6248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        21⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        21⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:6712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        22⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        23⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        24⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:6296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        25⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        26⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        27⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        28⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        28⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        29⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:7444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        30⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:7856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        31⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        31⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:8068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        32⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        32⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        33⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        33⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        34⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:4516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        35⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        35⤵
        Executes dropped EXE
        
        PID:7448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        36⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        36⤵
        Executes dropped EXE
        
        PID:7296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        37⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        37⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:7944
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        38⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:7832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        39⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:8124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        40⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        40⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:7488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        41⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        42⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        43⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        43⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:8792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        44⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:9064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        45⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        46⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        46⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        47⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        47⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        48⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        48⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:8708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        49⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        49⤵
        Writes to the Master Boot Record (MBR)
        
        PID:9104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        50⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        50⤵
        Checks computer location settings
        Modifies registry class
        
        PID:9008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        51⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        51⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:8780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        52⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        52⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:8488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        53⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        53⤵
        Checks computer location settings
        
        PID:6472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        54⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        54⤵
        Writes to the Master Boot Record (MBR)
        
        PID:8652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        55⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        55⤵
        Checks computer location settings
        Modifies registry class
        
        PID:9516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        56⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        56⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:9924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        57⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        57⤵
        Writes to the Master Boot Record (MBR)
        
        PID:9212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        58⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        58⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        59⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        59⤵
        Checks computer location settings
        
        PID:10036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        60⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        60⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        61⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        61⤵
        Checks computer location settings
        
        PID:3452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        62⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        62⤵
        Checks computer location settings
        
        PID:9840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        63⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        63⤵
        Modifies registry class
        
        PID:9044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        64⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        64⤵
        Writes to the Master Boot Record (MBR)
        
        PID:9644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        65⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        65⤵
        Writes to the Master Boot Record (MBR)
        
        PID:10184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        66⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        66⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        67⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        67⤵
        Checks computer location settings
        Modifies registry class
        
        PID:8280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        68⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        68⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:10412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        69⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        69⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        70⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        70⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        71⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        71⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:10624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        72⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        72⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        73⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        73⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        74⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        74⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        75⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        75⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        76⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        76⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        77⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:11008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        78⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        78⤵
        Checks computer location settings
        Modifies registry class
        
        PID:11132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        79⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        79⤵
        Checks computer location settings
        Modifies registry class
        
        PID:5736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        80⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        80⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        81⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        81⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        82⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        82⤵
        Writes to the Master Boot Record (MBR)
        
        PID:11924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        83⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        83⤵
        
        PID:11356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        84⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        84⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:11840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        85⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        85⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        86⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        86⤵
        Checks computer location settings
        
        PID:11956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        87⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:11852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        88⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        88⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:11552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        89⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        89⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:11276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        90⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        90⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        91⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        91⤵
        Writes to the Master Boot Record (MBR)
        
        PID:12568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        92⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        92⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:12804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        93⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        93⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:13288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        94⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        94⤵
        
        PID:12536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        95⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        95⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:12580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        96⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        96⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:13280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        97⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        97⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:11892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        98⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        98⤵
        Writes to the Master Boot Record (MBR)
        
        PID:12984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        99⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        99⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:12812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        100⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        100⤵
        Writes to the Master Boot Record (MBR)
        
        PID:12768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        101⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        101⤵
        Checks computer location settings
        
        PID:13268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        102⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        102⤵
        Writes to the Master Boot Record (MBR)
        
        PID:1988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        103⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:9096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        104⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        104⤵
        Checks computer location settings
        
        PID:13508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        105⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        105⤵
        
        PID:14260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        106⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        106⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:13256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        107⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        107⤵
        Modifies registry class
        
        PID:12748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        108⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        108⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:9528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        109⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        109⤵
        
        PID:12696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        110⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        110⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:13640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        111⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        111⤵
        Modifies registry class
        
        PID:14332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        112⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        112⤵
        
        PID:13696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        113⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        113⤵
        
        PID:14296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        114⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        114⤵
        
        PID:14128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        115⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        115⤵
        
        PID:5960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        116⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        116⤵
        
        PID:14728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        117⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        117⤵
        
        PID:15300
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        118⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        118⤵
        
        PID:14564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        119⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        119⤵
        
        PID:15148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        120⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        120⤵
        
        PID:3756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744186861
        121⤵
        
        PID:14748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 592
        121⤵
        Program crash
        
        PID:15056
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        120⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        118⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        116⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        114⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        112⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        108⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:13556
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        104⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:12844
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:12804
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:12872
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:12820
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        90⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        86⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        84⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        82⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:9948
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:9056
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:10528
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        70⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        66⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:9724
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        62⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        60⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:9856
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        57⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:9172
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        51⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        49⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        46⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        44⤵
        Executes dropped EXE
        
        PID:9080
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        42⤵
        Executes dropped EXE
        
        PID:8328
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        40⤵
        Executes dropped EXE
        
        PID:7780
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        38⤵
        Executes dropped EXE
        
        PID:7676
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        35⤵
        Executes dropped EXE
        
        PID:7452
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7920
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        31⤵
        Executes dropped EXE
        
        PID:8084
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6440
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6980
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        25⤵
        Executes dropped EXE
        
        PID:6492
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7132
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        19⤵
        Executes dropped EXE
        
        PID:6760
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        15⤵
        Executes dropped EXE
        
        PID:5084
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        13⤵
        Executes dropped EXE
        
        PID:4600
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        11⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5636
      - C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        6⤵
        Executes dropped EXE
        
        PID:4808
- C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
  C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe -u
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
    "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
    3⤵
    - Executes dropped EXE
    PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6028

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:13248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:13684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:9900

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c3ae8ad8-99c8-48f5-aca8-cd4938f05c9e.dmp

Filesize
8.6MB

MD5
9680cbafdb700b0cd96be8ea24c6c683

SHA1
91ea9f838a540a48d62a3d8cc768ccbf92ef0c95

SHA256
fd60bc3a16758edd646d97d52071e8093ec5d75f44e2d8661caa596dad55d2c2

SHA512
3fc36a2d0fde95b91aae665871b7ea6dfe89b252e59acfefd7c3df1e1dd07d31bac7f6dcc6c408f0058fe3e51f4c1bafd10cfc505e39cb0a95591124b26c6099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e08e9a6a-3e4f-434d-b937-d9b410557bf0.dmp

Filesize
5.5MB

MD5
419198442ae189fbce2b9426cdbc8ff6

SHA1
0724b82cb080be26856dec7cf81c26bc24b48fb8

SHA256
71941381d70b26c6927c7b906209c86bf847cf4950986fe5e5f4cda61eb6a8f8

SHA512
03ae7d74e694cd34602f21bd54c159215a91f910049f0c131fe76068a44f0c6b4d0cb2eb4f2f1bf01d96682ec269724c16f3ea602020d5bb47118144ae00256c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
69fa86ec1cc98b0cead315125ed8aeaf

SHA1
5ce1372d1a5085716f3b9eba072838286b49cbc8

SHA256
30f759b44d3421034af5cf8f248cf2ffc5b69c675df80ba96b0b6f56d857d8d1

SHA512
b2acfcb24209ffe2c221e0df65791612f5432bafc0682629487b54860d112ebb6f8c6caeca6fb82695c3dea64cd0a5080d7af7b674efaf902234986659c98446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05f0d630771f003cee3b953f6818662d

SHA1
e5983bc9ccd43d72954b01055bdaabd5ced42441

SHA256
bb18e513acb4a27db36045731e1fd0122a65e8dbf71499a6fd451df5ba488004

SHA512
b85ab77c559208ca3f650357422d9654b929a7fddcfc7055f084d44cdf2fe2f970682dac4a8e8060bbbce34a1998feaf68621f933ec533f9975c0c606107e3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
9c0c5f851a9e4bea5c449a630b8ce106

SHA1
2acdeb86f005e96039d575db7e8e7b504c3a74b3

SHA256
4ba7ad82838db8a356a926aecbf697d7bb20ee5683689676e63f5981ae68b27b

SHA512
a687c6d12a264d08b52423c9fd4e798bcb1f68102b692b038839bb982c0e1abe538461a2b501000be727038941b098ded173507b762937169bc6ec772108ce27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
915dfb90e32183e877fba051695eeded

SHA1
9c498f14a6556640919ebb8e56de0815b0cb3c81

SHA256
9132384a93a4edaebda498e7729f435ec48bc1e106cda182223d5bf35234e16e

SHA512
e597a927bcb33615b5e1314485cef430e1d534dddfa4bf17ca2b70c17f08e1ddd339bd69cb57520c19eb61800e0dd1d94c745981d5db58e5b0460936f58fb5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
2d0c744c279b625e078252dceff749be

SHA1
b060d537f0ea9b0bc6d2b1413e89327cdfdc8c56

SHA256
82adf3f957989e3bf4a760817a39ed529e3f499bacbdbb0f323625d139e5c9ea

SHA512
2f2da24280cbd791de75636ef2ff04fad796b49cb83deddf268409c13fb64473f48aeb3b49c45c627c533e5512fcc357808233f25deacf56a45a99584b40c1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
8cd76cd6f4e054b5589509fdcfc86671

SHA1
760ba891e0eb94bf04cdbf58ef6c88449ad9742a

SHA256
303cd22ccb820a792868c41a1b2371b9e2d3f15d33e3aaca5c8a317dfc2db45c

SHA512
83db0aeb976c70f2d65ab3cc6094a5e77586dabf88a15ad922e1aac0dfa3104778615c8687093df42657f67078519f404a83c1a2ddd71bbca1d758c04cd1eac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
890B

MD5
8a88ac66429226b424f0be8c536d840b

SHA1
520e6c9be0ff8d9f41f2ff04da8994d442d15aea

SHA256
2cd24ba3e0e8a6e7dd376d2e18b2b7f3ff35f60c7abcdb43bd0afcc295a8b325

SHA512
0c166e3287d2c542f8d24b1229be84fc9753f05cda60670fec16d07fa5b560602def28e99734c511a729bb8eee6620479467bb29684f6c8bffad26d3bbcd1e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
546bb918f7fbbe0d406fc674bc908a2e

SHA1
6e14654dea32ad2a1803998da47d9f12eb2059c7

SHA256
a9598e1802a03154d9eb4c789aee00ecef397c838c173b7593e43a83157dc953

SHA512
37bb32c45f0c4d75bf62f800d7a83ea401b79e2cc34103b48ef3ef36c853d1e7ead8aacd839f037b1a5162a8a92a8cddbc5a5b2d7d9d67a0108a558479aba4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f8232303107ad87ac27f3b211b3fdb91

SHA1
e282493e050054726e565e21238f467017b87900

SHA256
dc45be4642d6c4ef8ecdf8208552f0cf4d3d988c0de5da547baae6417345d44d

SHA512
a239659272a6c81b926dcd9c283642e3911bb07ed06764f6fc02999cb2c6547f43975589d8af17c8f9294fa13979513151119d4de232f498018fa55fa9ec7acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b29d9a2109d28c9ddcda826fdb48ba82

SHA1
68e538d0ff1ce74c417b0b0694dadde435b61f40

SHA256
9af70db7948fe4a6fff0f974824673191dabed70f082beb329a1af373c3bc67e

SHA512
4c9e86e7cc7b420b08fd91bf6b0ee5d15ce0f89a67639fb67cb78df6cc6aea7066a79614b866e498191d0ee86e4626e8d9b436cb8524bf8c570e8fcd00084054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bfe9adbb5a84204293d049c6854f23b7

SHA1
f959417a8c4b4c8b5c73091d6a4cf8998aa22b8d

SHA256
1891e709f69207d4a3b8585e4e4b6b442f220b5f8b9b78fa26d4128f864fb8df

SHA512
634a160e64f767f75f336f7a89060180c1ac89fd53176fd0d44e37b2c33f34566a460be54a1bfcb521c6d40e4a58d5684f8edfb88ae6c309633e5cd663d7bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1eeec5158fa671fabe6daf2ef651099b

SHA1
41fe694513167746cc67ecd2acc2a467792b7b1d

SHA256
8c85308ddcf9656f96c23f9138d15ccecda6d63cce73dddcb8344e7ea7297cff

SHA512
68e10730f3c7901aa2bd8de243d52627679fa6b038ed415ccac87ff0ed1b068041267d9fd58f66077f9df19f014ded9bda457a9b79fe012734549798d81f325c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
867dc7a7d7fd852e9bd3c0a62075d7bd

SHA1
d821dc470703d829254a76780bde003585e5381a

SHA256
ef511b1f175a4bf3c5ba1a50ad4238d515dada0997960ffa253fd10e98ab4b80

SHA512
f6901b15cabce4276680fdbd2222d7447fe0ca2141b651953b87803e18d67866952fce41fe006479a8a7cbb47f7725dc7d4001e9bbfaa8f59d34473db049cd3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3CCC.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3CCC.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
1a48e5a47c6b247e2473a4c51b637580

SHA1
42fb119ceae7ad8f154acaa8f3ed0d396c8adac3

SHA256
6732ff78ddbd579ef080c2d9af3b3a3e926b27d59ab6442fde91702a83488a67

SHA512
1186cc4207694bee122a4eeca254d9d657128fd05fb7b26c7148aa6e25f9ce30b9e94c38185a42d83f7ad4e06965f8995285e91dcdf72a29da0a45103dae8220

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
2e08991868e76e27895545b466043b01

SHA1
f6d59826ff361abaff187b41fb862c426ca92660

SHA256
8d2742e7700dcad9e8f40ccf0995d1526914d4fa7ade149ac4cf4825f0fe4cd8

SHA512
925bbfbfa18f4ea9705d635602fd0b5947885fa7b4942099c8eb94f6eb18148dfd1317a741e1d18bfeeebe74ce3d1e92ea3ff85eb84154a889737ecb06184e77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
7a199a0d9531a9189146953bfe1e9301

SHA1
d89fc160519360366ce023d4df81b49ea0cfc347

SHA256
adb518327965a0828ebbcd22f7ba0cb291a7502af51a6a1fb3d4e35ba666e9e1

SHA512
f6f5bc02cf416f6304d263690f0f0b782ca5fa6c59bad032db3cd057f112a2ba3a170b0133a8b6e86821224327e2402fb5facd31a47caa2e964362b62dbf031e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
893731ac6fe87b65b1c8e86bb7829daf

SHA1
5c77f34999ee01257d6d624361cf0ac5618e23ea

SHA256
2e75693f09691c8c5846ee5796cc284c700aac264b8f3f5db4d23e1eabe48518

SHA512
038eced7a5b4109334735653b0796349c7c7701764328c452c434099e8ffca424ff2ab5c215c908d7501d045752e186756505e0f92dbd5fddbdd180576ba390e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
a34cfb471c20f18196b10790574738aa

SHA1
1f19be26a7f7bb3293ead1fc06139ee97d850309

SHA256
261a033931b4d7f49f450c66f910d93251375d965b4defdbf3973ecadeefd5a1

SHA512
be2b71e29bcbc15a8208459b34bf15e9fcc1d3e1df48d21626193c7b6b0b39330568d25a01812f4321d8d4eee6129b00f3756ea7c51f5af2a0060a9a627ff936

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
4515177f0b671a95741a7ec504dfc63e

SHA1
7146a130ca36421da2048a751b060d5354906293

SHA256
222c57046e88af1f436585244a6b6fd073606e3081dd0c72551cc83e472488c8

SHA512
d2e54083046ee54c2bf43c39539cdd7b086694da7f47321b561ef3bfb2c289806d530f96c2c4c5fc2a14fd886e5edec0f6c2f4eaa98630bbb985890032301d25

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
26c54ccf40fc2ea0b3c31cb4f05dd167

SHA1
c1e584b2b8f959c8f2092dd2512bdfd87da623da

SHA256
b53114c0fd140d14389870cba22e7680ed23b6b09a9519761b0f1afbc1105f83

SHA512
4f238a2ef3e941db308e0af3a64682b4adc88d03ba69915861b743e05346dd3cf1391190f6d345ddb4221f58ce6d6c6f6317ee0ef1af504bfaf14094b2271284

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
f0e8940bc0d38dff91092fb62fac3cd2

SHA1
370d29e7135737a695a06c34c1ac8b299cd1dcf6

SHA256
908be2910ec7c0cfaa1b8089f16cec18150c8ed6ebb137030ffd49ccacdb2e32

SHA512
d92fdf428a3ee190da176c36d2e90537deb98780bd3ed996e39e935fd3aed16dd0b850434b5c0cf67ca06a3bb7b93cb28c9be776c8cda25ef788115a64e4a692

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
7c281e6c9252e3d1285cea914af512d1

SHA1
28c644d45549ec7c6c1723e163de92d69678b960

SHA256
93cb9c82762a9c119daee53e5d7c898ea516dd65ea3a5e942a5921c1ff91d68e

SHA512
7bc65890a398a4616345bb76ed6f78a9e4d66b57949d7bec3a2a4a40d4c58070ace2d7f16fbe5adac070f738cf34fce99e287f270409473418ff76120efdbd7a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\Inst.dll

Filesize
448KB

MD5
dc4b600de23921976fb6845c96e54941

SHA1
4c695b37acac161a520e1cf007c8f116fbdb8404

SHA256
43ba2bc99cdd3cdf9f5954706fd6dde0f775f6fc3518ac755bc33c10175de802

SHA512
c47489ba03887f0c3bfc5eff09501744ab7a5abf9c855ecc4c89df04276a39f2388db707e787567cd3fa2c905116a71bc411852e5687ba6df801fc23e936624c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdatelib.dll

Filesize
360KB

MD5
3a9d8e0d39aea233d22f6313b17df9bc

SHA1
b00c246744b7f240e3e9ab609694f58026d69d5b

SHA256
a085134a9df44fa891b8efce4fb7bf384d09bd37fdf0b51c66264cefaa4068b6

SHA512
3e8b9bd696352879fba46caf77d364dfffcec9ea6e5708436472c1f4bafbbe93cb67eec4e2b8957aada157e58377dba05931cdcbbff4cefcbf1bdbabd1e4d6de

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe

Filesize
957KB

MD5
632399e31a0a95e6ffabc3612801473a

SHA1
88e63c9e3e1e6fa2f7a40a14a0c0895c9fd4e1f3

SHA256
22884c9e653c839304c6cb58d4a3cf4ee229d837b4aab4cd0836699364e2d8db

SHA512
06bb5c74c8657ef5185cc5a4dcd91be0d3e07124ac6977c184d98622f0592e6706f48c180d8b41f889337c41e92439941780e5df3303fbec9c99d0e2a153eab7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe.log

Filesize
17KB

MD5
cb8225daaaba287debe1667eb133302d

SHA1
8919e49a4d5f9b5d20cd3366fa08deb47c7a405a

SHA256
6d07d94cb1e048844845de176059902e90dc15d54887b13cd48a86b81d0d7930

SHA512
6acabc4e8672137733fb7d8a49e583cee9b9acf01ca6e91f680c4b215fb144ea8f715ae9fe05f5945e6dd9a1bf6194ba66eb1a0f1ae96a8516c14c5672fb2430

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe.log

Filesize
8KB

MD5
1b97895caa7e158a9046c09aedf41ec3

SHA1
06e0524aa59264fc55df9a50cf00188b9eaee1a9

SHA256
24a118f4ffddab6ac721734b2e3ff38aa7bbb131ca172c1c2cb5e18b040a8301

SHA512
c637e5b9fafce205d553536ba905ac71d49ca2df4400a1117f2644eb616fb335168d7467d85bd2d0815b3f9cee4958992aa89cde3bc6218f04fc0d4c19c89589

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2c8a005653f86776b79500cfcae30412

SHA1
1a35a24a281574b054746ce8ff902327a9c4c6eb

SHA256
0cb47c56a505ccaba4098d902ad878e2fe2d089c1bb9b6cecf3fc93bb20e824e

SHA512
d2780143f173bff6ea88666dbb3bdfaac45936df380ea08d6d314ea1d89947941d343b08c230763d96026388b2398f87d78e634ab3a731d7ee3f16a93784c7b9

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b5b8ed14e24a8cf37d34190c0a882a72

SHA1
b9676d25675539b25c637b4f77bd062af250d39d

SHA256
0395a47c242955baaf0e6cf47f9be26622f25975f5a6662bbafe091ce2ca44c5

SHA512
3045717d716fc1ca3559993e44dcf816cbe6e0f39932540dcb6d4733eef701eb14e01cf174cf7ca823bd8577294dfc73a0554a5f570a712c89c508a9d5dc41b1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
97add6500b4b5ca7dd91d14d575f06bd

SHA1
0fa342364f000ee57a67df5c644386f1ace00fd0

SHA256
2c3a9ba24074d7e6ebf3d5a0bcc370e036797d0767a52382f406bc47f793463d

SHA512
da41a9d820039700269b7be842c892049cea268ca99eabcd7a07b4f9e0811671b3c734493583373556a073b80d4898a1e64633f7aa238bcd75d98ee521bf119a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0d2369d238129bb68d94a393a6806700

SHA1
28aa334fb786382dd131ed42b88916a86521e865

SHA256
f1524f622e46995dfbadbbeaf59778ce3a14b0f76877fb03b37f6f8d7b7d8399

SHA512
a91e54316785cc599d7a183cc5c88421374789e113f663661b375bad5a30e1b47b0692f926839730d6e702cb03e37a421745cc6e4deb6e02b96ca53cc4f97daf

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
04720e810f6508e97a2977de271dd873

SHA1
0fa5571127b1c73ebb672470b3dc48c67655be16

SHA256
f25bff011fd6c4177ce887001a915852ed30e44769fb0626329593a0941d0d7a

SHA512
246dfec17f9eef870b2ed4cd0bffe80faea4c5d37143d3dda1a607ec34c3db7189326e1c3096f3741f0b710873102b1c4060febef50e825c096e2ce23a84cfd1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
444997cca6650541c6209925e240af72

SHA1
01c299af0c7c48bf5a8dcf6e5980f9fdd1c91b80

SHA256
20d31074d08ffba316f5a5dee35aeba3007fdd8ef9dc50a71b37dbb9f46e6888

SHA512
5d14bf00bb8d5479e26a6357848193b4d7117d6cbc4cc55256675486c14e974deb9d12aaf6cdc4562719dcab83336301cb094b4832e14619ac7100c7a3301694

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3ca93ade39e9e469ebb085be678fd504

SHA1
99d2dfc90a0db2f3065d0942df57a66cfcd8c76d

SHA256
005ecc6986340f0528627ff403c012b5102561060cedd90c1e6cda7a2509d824

SHA512
0c381a35d43d66901b16bb958c671df52726e55fa23d9a98a8e24474596109bd06087011c00010253c1286b23310977949ab7d605e20f396e22d7fcab0711388

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bbc958f702819171178a986889e64dd2

SHA1
5b8d155fefcd245c8754bb3ecad6299904f9453f

SHA256
0c8449b29b81b7549bbacc29c1e937ed72455c94b2dd3d194107d18411650e61

SHA512
2ec74f212546a5928a9840d09ef3d3e1cee3a55070f6c5478713e35fc00c85b7d6564aa383bd94af5a8aefb837b933dea42d0e7e532622064477253a6a74ca77

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3bb9c531fd24d61f1c647e51e03a0f5f

SHA1
78bc63cc564046bc3ff650adb1a0489776c03831

SHA256
fccfd57691c71bf1d87872aabcb09ad192a65989f64a2e5c80b95d5936053de5

SHA512
09ad66fe31da73f62234321013aefe8b8e5633d8d071685b92a3f6f7d3b7499c62f2e4af3bb5cca24efd1cf78a8452d352b7066aade3e0501de86de758cac75d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
867e55793ecc42c8290e3205c972b593

SHA1
95bfc265799c95b16fb2898fb75ea026e318eda4

SHA256
b8a245877349b468cd6a2650cf6ca5273117092d3051abfe1eb085eec6746de9

SHA512
51b15e2c834f6888c2ed23bb0b06adc761c979f19413a2e2e3b03d460e08496485f68129375efdab7c15a666e39788d80ee5c923e7c3d5b67ab72a0111afc8d9

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4613a48efdbd4ea8c6f655ae189262fc

SHA1
640c2c8b6101abc5bc563dd7754fad8be5d6bb65

SHA256
dbe608194abea8e2a8bbb71256195a39fac3cbfaa041e52103a1b20c8e27de05

SHA512
d62483799f9144cfd54e6ee08285096ba5ea285591381a62c7a80d778f5ca7e07b9b61f4ef9e7770318faffd837f198c76b3b23542707cb3a61d6c28e9eeecf0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
41fec2bbae67b38576f90ce5337bd628

SHA1
c6757d373ec7780eca33a09851e07b7b1e973fbf

SHA256
4e3ed4e851df6ea54ae07c33905314d4911d7c715418a84d534ca8308428e3d2

SHA512
9ff2caf00e4817de2ddf4884b5b86627b1de2fcce1e27d42713251bf5f918a98e20ae75f8bee8e0dc7598fba4e3d6f8525ef0f3365a5cdefc4387583aa0f5627

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4992d3229c7176b17eb49883f5507f98

SHA1
1811661d52a05f6bca6abcd10638a327a95bbdd8

SHA256
0d116b400816a7d2e3afd74bc057ea14927a0d0c6e94fed0a69ca6db4c2ecfd0

SHA512
eababdd4846d6cd10a363ed732f6d4c298b405221671990b665387b020a8d3ddfac440106a011497f857846210540bac9d2f2eca4df5dfe59ac6a51cc34cb45c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
597a1d8a63fd3458121817a4e0eb26d5

SHA1
c9daa38d1e5f515169f3367d867d41761a393834

SHA256
5c1bbe994d48c0b5c2ee2dabf7637f6aabda0605e10ef0f92849bbe8de948c7a

SHA512
c282861a4c49b2ad52d3c7189d3df615f986aa6c0b821c2156b972ca34ad3aafdb6ca738e5030943cb00eb636f10105f2f5ba4cfb2c9c04496fa99958031cfac

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
689ce1c057ef9808a3381eda5e3e3c99

SHA1
d2dd401398b702257aab8d1464e7b3819a2fc494

SHA256
61a7fbeade7c2136e8bb23f5483b391c71925c8e60b74d66acac1b5cf38e1b11

SHA512
a650276976d10cc849b229aa139f23d6d8eac3a8bceaad9cd726eca510999fdf8dbdba9872d576fdb3e6c1b273a44acbff5bbc6716749ac1d1f2ad5099190d60

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
11e25827917c4a0b7e19596f9b80a134

SHA1
93e029847258ddafa3e821260fe4a28c6554944f

SHA256
b86a7dc658d6624921255a59934af3bb58ff1749a4dcb10a807f6da4bbd6c1e5

SHA512
61a2ef08e4ddda78adf53543d111829c595a0f8e0698cbf31fa158c92af885c30c0099cb36fe6179723e4290773c5fe7641a0d1e1052a603f7d2d65870220f39

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b5ccfa1969998be2c28c91f53cb4c0bb

SHA1
a43ff3bb6179cf79e77855bf5aa6c503273fc9e0

SHA256
aa9692db7c7346ef58f80969ed65c5032fa258f29f3e22efdef6ac5e612087a8

SHA512
676b0c4892864a0f921921f0fa6df765b4dede18c5ade208b98d160bd7656a8eba8ceecc193ab1714c89c753f71755428309b38c067209d7e9e44fd6dd32710e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fe234be0954f4de2fe343dac27d94515

SHA1
cb588617014dde9cb3e729d94c05223ac0475314

SHA256
44274ef1f3cf95c4f96083b3dc4c2a4b31e881048d2966140ca26fd1bdede944

SHA512
c730de000304a0144396efb1a403b08977674f9eb8853cbc3622144a00e2b7f4361ef6c505160cd493d0bd8efa1ca0785c0e2d2fc2d6440bbf202bfd32909dea

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
485af2e41438d83dd60b87e357ca11e7

SHA1
9f0b4ad6456cd74f2efbd59e30cc252d4c522fb0

SHA256
8c785b5e97223be748b8f27674ffd11e4141ecc747b6df96a584eadccb13f04c

SHA512
0164f5da20f6f3ab2b48d92d1463ddd23e36bd7dbc8bb136bbae42fcc0a42244eb2af096e1680a5d49d5a8a79dc6e34913f5a1904964b793e0473f3356c73d62

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ab2a97d9bc208ed8bc728f53d46bbba3

SHA1
3d283531197db120bdab54ebe5eb3cf6badbf07c

SHA256
28632cac916050d831ffa20f18e4772d00b7516005ac44212b03c2ec9deb0b94

SHA512
ce768e88f342fb040edb7fa21a4946e2b4ba703a893a97c0243622f1bef57d5ade6d1e6c2dc8ec642b1a90e050e79ffc922775387683228530f0e657cb6c7f89

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
571049a1d1e507ae4f4e391f11e5b703

SHA1
47c884e1cbeb217454e9ace670227c3ceb78d7f9

SHA256
d07c031831276e494220c112d6b446638f7b0ce276652a6acc0db24d989b62da

SHA512
b3ccd3761d1e6a5c2163d1f28a7167d5058e54a8fe69482069722e97f182aa3ea4f0c1c4e35b79459cd49432101dae91c1cd77712f6531d2e729f05b54b683e1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
233dfcdc0c20ead010d6718f4c718dd1

SHA1
413f01cd52412748f86be83c9adc46a35dfc0ab0

SHA256
adbee3a826189002dad576ae4e62688a92c8a9eacff785d0aad50a9bef9ba6cf

SHA512
41842db4d4766e4249da51587e657babf88e59f7fcb9c77f3e5165a35c6fbdb2d8d7e1155581b69f6f08ca844eea02992a3c0022d0ec9db46ff34b0094ee03fc

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bbe5e9e6f4d3a3f435c4c06d863d6ec4

SHA1
e81729b6d9b9ac9e1268bc82f364b29b469c8bef

SHA256
582ef0533114a1c446ab6f0fa076e696bf4d883866bdc2ec243503ff3f5e2ce5

SHA512
b008314a81eddb2b812ebf92d765217fa36201c9b995b94bdfd4f344e6f88fbdbe6eb346730f04dae7b9c48831243186c755b751e604a75a97655c5a61837809

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cb9de5dd13ccfcb500e194c131e5c442

SHA1
1885ed5094414ae64bc17a368245c7c483f730d6

SHA256
ae5e67a44edc2b6569b331bddf284a0afa4596ce812dcc463d71edbda4695a84

SHA512
7397a7e46286cede6b0cd38730e6689b073821aa500f1198ca5562da113b54f063d06fce4ef8d59fd1337e8f45d5e322f87d07eb8612ceb6ba19c094c153d792

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
838fa31758975dbf12ed40979eb961bb

SHA1
6b84f7c330c8fbe2ea8fb1200eefc5dcd764b02f

SHA256
d9e1008f6dbe5fe86afa1be71245321d8614da727944d1e87520655e640da25f

SHA512
dd81833f3e35e8e215b1cc9870b838126fb2f8522d2c2f9cbd7b628a2920e3e96d32d66ceb785e9d272cc06069fa22fc189d834256a46ed8fe289f38b4fee28c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8ace6b8f034e187bd721488fe4fe522d

SHA1
8aa211b20fad2d5e00fcb7ee854f4365dcf0f512

SHA256
27d44238f717b8bcf2b9e9524b050421f2bcfa8f06c137b5dc5bcfeb21c5be7f

SHA512
98df1032ea29fca91e26910b25fcdd4bda8210d3b70b4fdb194feb2f6a6cf7dc3fbb96cc8e5dfedd0f040072bc401e565588fb3c3ad3f0d64046391efee70ce3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
943f26784e6398f0ea904839fc8a63b2

SHA1
213f7428643d22182f3b209fc81dbbdb7dd4bf37

SHA256
ce8fdfcf1e1cfed0a1281f67ae12aeda52829d5b903b263b4a1f2296157adee5

SHA512
30342d1edb0e357115ada8aed6b8d8b01b07e3c33bc01e19f5f80c5f83e7c2d1eff6191116765ae1164fb6e188356bea6fd666aab023f3be939e86e8c7a2d210

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0ef0b7ba28ccd622f47cd8edc733c426

SHA1
0092bf0a0c120284996c5c0e3813435df221208c

SHA256
7cd21fe293deda2a04b36380910ad25b51a6ce664ec9d06fa26bf0983911ea26

SHA512
3c59784856e52b26d970583e2f23666de9f6f19a4db86adf1c92bdd8e26717a773ebcbacb9d1bdba72b6957c03a327554fc88cb59a936c1cf19d0dae2009a8e4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5d4e4e9f0af1af798b725202784c57d8

SHA1
cf0df6612700b720ef10a7c9b7e883244b209dee

SHA256
20379219cf458d83618ff81d670b8632d200df33101915c913047d3f063117ee

SHA512
a0883240f3d2ddae1d7277c1024917a3d188fdaaec352a79a97d91a0d0d2ff7f1a8b4ffbef662048231036fab570f5188d8881308c84565896fabb189f28dd49

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
158ed09f76848694f74e3fa502d0f423

SHA1
a341e9758919acf4e3fb2c79430a85b8776b3b13

SHA256
99fe36f11f9d1192b8d25c492c5d524531c47da40084176493ca7e6aa577c5d2

SHA512
756b612bec0e35cb192736178ed1e0e3286bb8a11308ffd1530effb906a00ac3a7066c4865df8d7a294b50ee8dcb46cae57569017a808bf3e20e74cb1c65de0f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ba191ba1096ae793f3a737c951f2cedd

SHA1
22f43be204b4168700eeaa49e0c790e589171d53

SHA256
6118f404899566b98250891a9d5153edcd51941e374a3e111591ea7d07b14a9e

SHA512
51d94b8232c427da8d45da36dc21055ad7ae5e12bb2bbfd77a783f60f8b8c5578ad0a3cac793a7006e8ccf34f94d278924625ebc9d92439cc02987209ca565e1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b3101c3d7b1bee8565ee1716f78cf58d

SHA1
72ab057a3976b44b437e3bae99bb6b5927339202

SHA256
446b1d08456384279e325c9d5a9d34b10f019036a945ae41a336575592d5c467

SHA512
430bba152ca22f8893e4c7cd62e4eaee5ab198d31dd015a76239ee88067d869e277ad5f1ff55bc1b1535c81d8c37be9c6a1c7dbd0c49c5b9e62eb9846c0738d1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
65c981894f7bab14dfc3f28690f90e94

SHA1
7fa654ae2c65878516bbf84aab6493a2335e39d4

SHA256
5e5e96a43226c5608e0e4b5fcc1fd15e9778ab2062ed1f4f84c429e0762192f0

SHA512
df004bc2a0a0ccc5d936a093741e190f196b23c5757f655fb10e484e997d72cdf51cfbf559f0813dc83a06fd39dfadcb16e5de09e5e942425f9b4d49ae6b9d1b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cdf18ceaecb75d1516ff5563b9de9031

SHA1
78b475e98783ef785c7616df12b18d59c882d984

SHA256
ed886094b0eb4919cc427d2898358efb30f3a86b39aa68c9d0f537d41a44ef6b

SHA512
7d23b771c75c417c59f5e341e37d35f0cd6397f4f0916e151226bfd435d9564fd9030b14e0aa2cd0c75cc2efda5fd9e5fb417ef21820963311cae62f87b93556

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2e4347c3293996a792246f54eefd3019

SHA1
3b253a56e22298a9d8affc2a30db5f9116e642c5

SHA256
e52c46cd25bc81b55297ecee2bd6ec635af4f3eba2deafdffe18a42e25bd33b8

SHA512
f9512b0f6c38db35c7ea245186bfcb68699e5249cedfd9782ece4711ea16efaeb09e88a2c0ed3c746be7f4227b86923e2ff580238ed3426844a7a831ad17a64f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
35d83b71d63e4da6c82e174a820d6902

SHA1
9b8a13c7ca6736e7efdd7ba23972a19e64c1ef75

SHA256
c1427a2abeec7646738e0abf7b8406691500e9ab685e309b094c4228d60d2d1f

SHA512
4344a525411196f034f200c27375f93154ead7dba61a487602c657e3faf392bde3ee6b5647b8c910535d54c4cedc3a87fea792b4c9e7241ec6ec67d31b80a64f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
581a16039ca9f9e3bdd8c7cbd027ff17

SHA1
759725b8942200fef8519c764cd0eaad3fcd4a28

SHA256
38d631cb0931beaed2b1306d9a11578299810ede4fdc901df133f594a7b34a22

SHA512
470a68dc33a0e5d04183a56ed8bfffdc6fd5f78f2aa45c6a57937a5967200c2aac5c955f5a5db2408b0989fa4ee378ac6bafbd689f723076ed09239bab7b6b81

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ff13400fd88fa79401d492202a1d6fee

SHA1
41701b568cc143f0414031ca0ab174ab62641b64

SHA256
3cfc83f6aa89fba3ad69106504e03cad0c21b265c00689c2d9420c4759a7e99e

SHA512
aa2ccca849aa255295bc9a34935db9e68bfeb044d2a7b456dafd06f59fa9c1a6c35168998ecbad5dd479224ae20b6a7bc0c1ff0beb28d9ee203cb778fffc7548

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6b1b7a9f77eca9869ac0e91f5d1896d0

SHA1
3f2da0463ac4c1c6ef9a0bd0136216efd4831953

SHA256
42cd6ddc8eb241b8af404e5664c67ce5d7b58b748051a6fa7a59e61288989d6b

SHA512
b7ac77306ad2f404d93c12ff309b78b88e2fc97cc7048af2ba0531e9cc707b29a335cef3305ff6dabb45e005c2666d59fb526a88da2469a13f18cf2583e60247

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
22f4f2ca57016ea3da8997516fee3b7f

SHA1
52c958cb0474c8fe6405c72b6b272835cffd1606

SHA256
91e3fec334120c8d5ddc8f2c1e5b4aacdf76ee180837dae3186446406e48d880

SHA512
6975cf91930e92331a9d4980532248b4bd93dfd3704683d4760a8a57881c979396daebdc7e7a99e0fd0bf5d518b2361d2d81012da7d5ef647511a5ae3ee78381

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e7ee5a770c9a83bf789c04f097b4283a

SHA1
f1d586386bec001a8af70777e8f4da006d5ba029

SHA256
d17cfc6ddc8ebff9d60a16276658e4707ee1253da955ee1d7257b130a0a24f32

SHA512
d042129a47b1e43f71bf1112988c439a60590cbdebaaa87d5fce9b7d35536828ebb5ea1896e0e25ee724832a79b9fbe481e58fd0dcf0eba861d600877eb8e276

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4a52356673d69cd5150e9b9b2ace01de

SHA1
34546db0ba37b65647dd1d0113cc2676da0726ee

SHA256
b17aa9e95e556232ee9404858ee93a5a2a74ff7408457e803dc44cc697ad1855

SHA512
53692438b131e4e4a403c767c49c92f1871b25ef9edf01ea643b9ad30706844380ffa7a8367c28a19313991e938285cd400a758bed22d38a90abf91202c689be

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d1526a6682f712c8f8a2f90e8499bd97

SHA1
5b5237b40aee690cfdcbe710ff670fdd95acaaa3

SHA256
dca0a0a19efa63856f4efc478427512714922074b9bc8308caf79e6d4c8f3c47

SHA512
bb77af093c2bfa766acf9cfba2479d3477d9d03f7b7d30f75bfa9056f4132b062ea7c1b8d91a74a72508ef59ad977722d2d47cecf958599a0560b897e908d7c3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fdaa252f0b6614e35a5bb2bafc280b11

SHA1
fc1ccc67de435c6eede2df72bb29c2f19004b066

SHA256
7c878043b5aff92a07c4d3e47e9cdad4f6adcca2b790d71008d7fc623d3df149

SHA512
e4fefd086158e97304698846e67dac2887e884cb409c3d4ea8d6d5004cae86f2f822af5be835d5575dbcda2aaa7be9599fee8c51bed59cf5634cd852ed2565d7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b37142d699de114b4273312f2145fdf1

SHA1
bec3db6e52a012fabae2cbd8a55802bd266cc89b

SHA256
7b9de5ec4f5b2f979661ec5e199169851405bf537dbb15b40608f46424ae8478

SHA512
999cfb5ba0cc51815c895420227c5316e725fa59aa33ef8562fcce341a035c26c7c6f7d3a25fb33c9bf4dd0497b39f723bacac3078c40ab89573c0f298d16e0a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4e206319b2e587767c14617fbcac07c5

SHA1
4bb81f59d3df4acf9dcfd6603f5d8c3c09fc2b51

SHA256
7769e715330e92e85bd2a9017236edb14e45b705767d8b69335f54a1cd9f3ebc

SHA512
950cf7b425795895565227170fd8a1babf9d6ee2d7b64053e3c8ef88b9d748d70fffae347b4a6f1036e8483f415c7e053defc4becaa32c70e18d3e2d7483d219

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a8c0f6c7777a1ffe0ff763c364d56010

SHA1
957d46ddf7367da76cf3259bbf6c5c7ccd319a66

SHA256
cd2e60eb8f48c2946c969663b9404f240721d2b9a29de18b56419fcb2b42d495

SHA512
d39352bc5f35172f911cd9650e28299e16acda99ff43787f43d8c1b4fcdddb6fbf0cd5a445001c962bbf20b66a0f4b12e848f3264e6ad12fb92aaefa7036d80e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1be4913ddcd7a407cefb6c56c49a8732

SHA1
713b46ef5743e70e3ffde5427d3e94bda9762dca

SHA256
485f0f0336038c831fde0b6f9f6a17740099bb0bd4ba7dcd4e756914360073ea

SHA512
55bfdce191caffc77248a1a128dd3120ef0ba01f102090fc5cdea2d505a179660cb2c59fcd360aaee915c279d082d3930cbf55d01da5ff88c6f0a7366fdfa037

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d897504e2eef137da33d2781e5356aaa

SHA1
1c858e7ef55d8511236eeff5565d5fbbeb092275

SHA256
d16649b9a39249649ede72f068bcd1b006a2cd9f44f110851129a2d62329c137

SHA512
511fd8d1337cb459b77b8a7eb3d4e31ee6111e2de15dd3b1e6aa3af1c6e46a9fb44525584e8c6b2f5b1601b7e6c4de2d758f8e3b10daadcb9efc87ec317ee544

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
76c92569d76121f019320fe0618f310c

SHA1
955cadee736d8ddec4350db4ca47f13b7b173d7d

SHA256
fa6fdfe8c0a36726192b8d4e51ce9d6596c11a93d4278d891f4aa213b38deb67

SHA512
f87ee89bbac7e1bc5aa811d8fa4f7b8eb96f84ba96bbcc008b4bdbc6e5b68a8737d33040848dd0b228c8ebef3ec84e3fd58a07057415662549c141e8af18fbff

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5b8c18228902e8963a9f42ba813139e3

SHA1
3ef01558f5a1a52aa0f663b5320c8efaa24bb830

SHA256
22d8b9e71c22063200de0fa20f2491eca3e7a2f8a93c1d813a2d38ce017f1ed3

SHA512
47a34e70a348df96a39040a4c2bc8081cd6b708774c22a0a210c370583b28128fce471a285299feb5d67dadf65b8989166d304f3e8ec05a3308c9c9141605d61

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b0bca6396ef92d911673a3a861e898ea

SHA1
5d5ab4af25175bb919f1fa15a066f2e6b6578387

SHA256
5d8186b7ee56b368ff123d268ef7d92e25f55c0827cb61f6ac5c73d6d52b4a96

SHA512
e1e0e60ca0905397b94cb016d61b49d906009ce6d95f52c6adde46402205762968de109c2e57777471e25adf1dc64c0514b233549895ba5b80c7b930558808d3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
af748aa45b66125fb3ebd5ad71ac6ace

SHA1
53342498e2f4340d7a43452095be2bd8d1d6a545

SHA256
ab8f7ac7a6639889637a146a76f9eabf331c0dd1d8688d2e61057090585af524

SHA512
1d2259bec840672a61be1444dec94b0dbfac1cae0ed1653e419b54baadad15efc55b2053b7aab0ceef84baee9981ac65251f5c09366c303e2de54df60a78af7c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
214e8f411342760da15f6b5ec597bace

SHA1
b0834d8c49bade6d5b6a75ab0a80fe354e0526bf

SHA256
456ebce3d55ae5911bbfcb00b5a0b71ff28e44f2130a9c6c7ce505b3dff6334b

SHA512
8b14898821c642a6742b5a1e4e020ecb5f9a191934bd4cd9295ad41b46a4ed575226724367d14f930ef163b8e35b6d348018b8b41f143059c5f3cf7f83cecc21

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e1999faa3ac4cbf6a075af8bc6d78aea

SHA1
0604a552bd6e08ef0e8e41c4d62b123cc58f0ff8

SHA256
98e29439537e66f22ad87c578289ed6345c310e17e0cbcb1b83d3909d9dff12c

SHA512
06119ff234f3f307e3e89eaaa4f251eb996cdcacf5924f4a09520eb39d6d7745c17f50428d7ea9cc4c101fcb6499cb0d8ba9e79e339f84a9dba508804a5ea4c0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0d875afacf589868d29c9300a7f32d59

SHA1
7db0d1741441066a61c6d26093066a1df9ef728e

SHA256
57e23b35fd2f71489597642348ab87dcec24717dbd9542473c3c6e0f5f5ba756

SHA512
6b0c9e66745bf770806a8ef4bad66abcf3289686e5f6b69f40da5846f8e9fab47ca7c0adf6880d7d5a34acf73872e3a4d65484bcca25a447dff0a58b37297d26

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
069e77fe2c5ed7c83bd636b944bdd145

SHA1
68c1f33ac7654111f76bf5105dd190fdf3773ca6

SHA256
59eb2db45f86eb8af4b9df943ed4e36e98c09856127590e89f9ad4b85718ae10

SHA512
35768204cae96ad5b80327b06ed09505bd9d748d4d190b780b27ff0857f7ff6c8bbdbefdf6b29534d1005f97eddabbec12da91e36d29017c01037bb3662c5164

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
37520a66a3d4ee0f6ae9927cb3dbe20f

SHA1
30aeca4338c0908d77b2545d4b7bc521f54d5dcf

SHA256
5b90465536e28ba604192ce6f90ef61e5f4cb6290e808476df1c7a9d428c732c

SHA512
70abd0dbaee6b3dba70ae4ef7f2f6f6d8aec1619e5978f4d751b4be43c2f7cfd355b204f5e38659f98d6fedb582ca4588b66709ecb30227d0ddb6b877ade14ae

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fc348b25713395028aca0b26b99a4562

SHA1
49adea58109f2d70f9c7ec79ea181db8370485ca

SHA256
86102d38ee235656ed10c10e854815b8942cac4824e2c6b6be84779cc67ed53b

SHA512
45d897192025800c19e1e4168bb157c508715986134f678a6762b660c578e94875c3e8482779f49b67ab39648f67d9dea9aa39e41cf00de7588a7d9a4c32d361

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f270122bd261f421d1b9af16efcbf6d2

SHA1
f7c6901b45d0653ae3a505bcfb2f82d63b37b5b5

SHA256
14bc00c6dff1c43a2c51c2dbad29a7aaf949a469888f84c8ea37e71b83ce767e

SHA512
200257d272f95aa45fcccb2b4939949cbf0571ac0570ca3cf7c609777e09fec59c65d94f4796bdae8df8625955bdd11b8b78b6543f1b2b958f7580b9ec7f947e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ec6990b5f8f0c45edaf7a191d4c65318

SHA1
29cd32c599af033d3d9b7de5f8d160e3fe22573b

SHA256
b73f7c6bf328471f48188d5880ba556849d3fb2990ac5f5369b8b8e9b6dc105a

SHA512
1a50bdf8eea4dfe9a99b2c1d5dd82dd400fcdfc317440f95a0365c64dbbd5c026831ab98122359c3e519a9cbe8310bf0b30d17e3ff499ea7a4ed2895eb5dc0b0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2dc4c6330dfeb5af5f87fba659e6d07b

SHA1
1ab34b26186e7fcb077d7028a896c5b8b342c0d4

SHA256
980338ae064d11312b3a34249e6b7a75907b36f343d42ad3ae77288eb08a15f7

SHA512
26ebd90956a453130a929d39b019818c287b556688f8aeb9ecfca9b807c8ca16e13e7f433f816294cf9c514803ab6b680bbc22a8ef2e297460a7d1c25616ed6f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ff31efcc334dbe4bf389c228bb9c08cb

SHA1
6cf0ce3d8bbd094c2ced81ce06f0857afdd1e97a

SHA256
7e0b63da884f331b47e879b3ae89349abce664f2c7c4c3503f9d48b7b5cd7071

SHA512
bc6266c36efc2007dfa8240cd21688fdd4adff27dfce74b52f156525d7a939dddc46e5c4321ccdb3d801e0373ace0696d2dd2fc685d2a3a6587c97b35666ee4c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fa476300185c46dd92a988b9c0f049c1

SHA1
419926be0480af1ef96a72afcb04c8952611ace0

SHA256
dd46619a2be5273623284d1d8480fc70d05b72e2efe8bc30fab0b94d17bcbae9

SHA512
036b495b02b2f23272031040ee7eba46a1355287980bd863c1d9de68ec5c95b29c49176476005a0e914d2f2541823a2476a1dc44df2f25cbb55d9eb85a8a7a65

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
988424a3604ab31c8e053bd4874b7ff8

SHA1
7e52a2930fae8e124703af22ffdcf5f9c9f5395c

SHA256
b6e598f296c5262c3963a73f67e64b0c76613bd41afc10fa5724f4916164449f

SHA512
0b6bf36a1d73636fef8cbbbc55e79aecff437b2af2a93d54af86daad75e1fa931991abf28d7af8714107e26d8fa4cd03e1c35b1f6239ce59c8e380f06e828dd3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a0111a659ec0ca7bb23927cca0da48c5

SHA1
7cdd529ee65d9459dd313a9f7a4895721a638a4f

SHA256
3576d4d89d9b70435897201808e0f88c0a77a1617096b5bf7bfd560f948ed533

SHA512
7bd50c610e536b1d632baf0ca702269c0d943e42f7a9ba782d35bda34f3fff3fdf7c25a8cac0ee77b9c4e0637c90e9b106d774df89e1b692740a3238fca66a7b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3486c3d20176b1c3176b87fa040d74f5

SHA1
4185883b3c8b242c15eb373bb61f189fdbead5db

SHA256
e3c4660e286aaa9ddb8008f34ab638677b7aeb7eb5371f415847a829d0de4229

SHA512
2d6b022b581a6a14bcd17bc440f4282887d67be17a8b7c897c86e50f678a3bd316a15f5cfb0f84b2edf91ea35b83f79ecd5109e569adad6eb0abcc0b64f44158

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b710f78be78495a6fbe654f7f0cb7027

SHA1
009ec37bed14e97f59e18c93f0775981e9b2f286

SHA256
2106ec1e3613b29e6ad40a050c607e94cb5908f783b8fc5741401e4cb3cb3116

SHA512
874ed0e8138b1ac3fa5d0f39ac119b14c1729a7359ce3993a6e800dc1110b64f9908a235b75bb9014a4e0776f0a5c2116c582c3d84ffce800f7efcb0d9d121a6

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
226e28649c81520f7cbca6d7423b5c06

SHA1
4fd9a12ac6d591475dcb6187bee8c458d119aa7a

SHA256
aeeaeef2c78a40320a5fd20339dce911307f2c80240b412a6295b939ac285208

SHA512
81b36ecdc2c1c04cd4f08541105e8319f37997b4b59d8a9b668599baf76f62b17826bd5ae05df1c3facbc19667bc385d34e13520e3f846f857564563142fa863

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e53c3dacfbec1116d413d4cc5922ee4c

SHA1
253a5b435b9eccbcfdd33a3c2a5696c613f10cc3

SHA256
5d8128eb6697e266f3c5669f2d337d0fe8b4a9da5d93a5cbf9c2a34dc3a9b4a0

SHA512
937a71703c5ce1f1a95b151cf0d90e638d4a94fd442c7b7d9e0e6b94d5f5f24b602da2e07125c83eb0818eb0bf39fa9cfbd45f5452221930a74babbfa9552141

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
64f232b71f9dd5c5b15054c3819a54ec

SHA1
a58f8600c910b4a1c499fb1e14cd83b2f2eea839

SHA256
1722ed9e65727a3d5f3c6579e6285c26a1a90277715fca09da8106116e06e7a8

SHA512
9a50f0ff6cf7ef73ca1ec4971c7133fce877425bdcb27f758e665dd98d534a9bdb66bb6494675413eae76b716e12677a9927ce374b28f84760f648e71538410e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d29cc3cbdefd7cf6b6a97cd7fc5a0e25

SHA1
9b81bf6cbb369563d28283774d9dc6e704475747

SHA256
e7dafd46985b526d6b8cc31d62ddde2b343b44c1f101f45da417ae888eb241d5

SHA512
208b2b6d508c93bd7a895adb45fd3c5a0f3cbe9d4efd75ca22f0477ba325b9a42b0b197e184a42a5b12becf1b17adde80aa897ca23addffee5206f7bc97193f0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6f7e6670f8297bdca67001d58eebc115

SHA1
091149da4eb3626d844ee8d617d27c3149ae3c63

SHA256
a73259acaceaa68a767862946c06e9424c42088437fa310ca172ac2f4c9424c6

SHA512
888c1475521de11c73e4c31034ab372b524668dc52a348d8d0becb99b2fe5ecedf1dd0ccca7536d462832e103ff8be58e48c576f120f4b1ef520e11346bb2e8e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
76a592582af3a5adcd1eeab5f149c8ac

SHA1
4d819cb183bf47acd3c722ebd9ae75a1a1c2b297

SHA256
096c74e09746072388041ea0b3e6c131a975370a59ea18fba599888f1e923545

SHA512
db6b00a0857033b72851715ed8babbd740d1d0c1e53bd543074496fc6b011c5d5fc4bcd06ecdf893d059d56b55ac379322c355356b6b0df0bea42e5c949b5c2f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
72259c31affc93c081b8aedfd852c638

SHA1
2ca417a1882e0689431c336daa4a80ac1b72ea7e

SHA256
4d6611f2e4fe317c24d75f3255a3291dcb1b98a0823239265350295754567ece

SHA512
71b99f4d061f5732f3cfffb1a4c24d0d1ba86269b874a0e304a99f4dc9645afa3e4bdb3cef27e9c9b55c8066a7cd5441a5613394b3f3608acff2b34ed46a4696

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8fa5317711bb492952a20e45fd6eeb97

SHA1
3d1056befb8dd4c659159ff77b011cd03f8663d3

SHA256
595695e9538872efc082ac529e4c81f7291675f6496f8b7eb189294077fd03fe

SHA512
007cabfad62e88f5cd3b78ce621892b57c93b3330fb0d79b1a746bbd4dd9ea7f2b85c1d6ad4c51daaa150e6db7081cae744cde51df9162ac108936249b78a3c9

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fe520a8991814d4d71cb9ca2a720333e

SHA1
72754d59030bc44ec70e69d31822a882dcc0d829

SHA256
dea449a6e8fb3a7653ca4df6bcaab915ee7876193611560157b05bf12326af3f

SHA512
c4fc26b7afcb3049d10a2e0c93dba8b9b1f6ab01d5650258107e570b3a6383ef66e2cc662c7b461004a7eb75ef6284bfc66c8fdeaccb722f2c89042d557a7afc

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7e2ca5de5cd5384abc5dbe286c3c5fe3

SHA1
776cbf94b6e96408a2a5f2867a8e9f182b6b6778

SHA256
edf2450a5274d5fc55b10289c1c7460ceb5b304e95641777c6a756237527bf69

SHA512
bb5962da0a987be02e9c035c32b0395e3c6e9f8b0241c3bde863d64c1bc8e6ad84f965062aad2dfea807a33d483c80f52575f8566fa3bed75bd4f0c735ba3297

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bce7cac91d40dc319c6c186e2173d531

SHA1
d213c6c7db64731af14bcd65f2ad1e171d0e92f2

SHA256
cadf6de35c4bff22a9a9dbd2fbbb742a49b0c71477a0eb601d9d097d76205980

SHA512
0cafc4498df910f7dc740e9495dd6f3f5733067ad16dc46b6e1cfc9878f6826d79a5543a24227e6e5c45ce4b8d3c9b6adb9fb79e54d1861a09cb66d7e758e15f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0928bbb76fcdc3196726b77f1f1fb46a

SHA1
666011480c15b99b0bffc460e03fa38a82416ce6

SHA256
1dbbc587cf40efb79d778e27cc7850644006d64f12d874602fc3010dbe63bb0e

SHA512
f10d5dee6b4db1b6e228d00ce2707a51644fd49cc9762b0f7317b577aeaa7f8ca6cf43fe3cff7a0c9fdecffc6252906dfcf36c27e8eb935cf9ab6581572f93e4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
39ca9ad00fea8321afa6b0a532c661af

SHA1
a91f44f9bbf3ba0155c72c0992638146413bc651

SHA256
a68c26c9ca127f12d2d14c595f3533279ad3706107e0f3948f08a7cee27ac47a

SHA512
43cf3eb531acb049193a6b0323a3b72d32ee40f5afb36ccf54fb3f9024c8c8ad95099693ce2b24e931ad540d1d4ffe04252331fdb164b5b7e2c565315b1b9bcd

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
76d4d0273ecfae5c642974c2929aaf0b

SHA1
c548b13758501bba1a60bb14428f9a164b84dcbf

SHA256
7f5b6c8f0a79654eaf212fe9a0bed107f9b27e7d9f2bb9e0b1a75295d7c87b0e

SHA512
fc5e3d88a0e04e362577876e358a495d96a09db455222bedf4daa855a6809c0379f038a0396e9785a4d6bbc1986b71f79c264dace03624771bed9a28b6f8570f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
419cbaa045edf5121010b89b89343e85

SHA1
f390aafbf20fc4c82c92e83d3f1ee057379895ed

SHA256
cb6c0e67f6b21e8f47e149f83346eccf219ab73d26b6f9182ee8e17344415aa8

SHA512
200de025e716d269068499ae55f4aa46e8ed24eb913543a2bbc60048392a59bb2fd1ea8e15e995846edb5664d794374eaa098101488a49d0438ddd2bfb8172cd

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2beec8fb74c4de68c4430162c70e0434

SHA1
91185a0d32c81ec80f6af55dee38711ffc86cf46

SHA256
41e556d00722c60cdc8ce83c48af4ab86d6a75f14adc0d6feab9edbc78f506f4

SHA512
808528c3635b1c622a9f513fc2935a9d141318b10e212cd2718a13c1f39e0f194e850ebf4574176a958da345a27f799fb4e2c45737ec7e4577123dc16f7cba53

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
03e3e1e942a4cda89f20f9c89924fd2d

SHA1
3962000c422b2ba1d6edfa7ff1ddf9671dd061d0

SHA256
273987768498bb3eeb3dd912c6df49df78cc755d07b318517bd15c7a1fee24ea

SHA512
df4efd718e454b91823f0e8465da703304927ab8c72cdfe4fca0e00a183af7f39e7e24e67ddaea4b830fe3dd5723bff9d352eabc7665a56917abb96e16857b1c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3225ce98e8ae4b1f61635c57062c49f0

SHA1
c053ed6ba5c6c5bbf9c4f2777637f9c811e094c5

SHA256
6f8b9ceb9f76e75ca720dafc5d93f120fa627a0c7e40d491324e255cb9976584

SHA512
68395f2cdaaf87a5dc8bbe22198c28dddd2db5da347b0c6baba70c5b16e27e4834506cb7e183abe13e47fdfd4fedf5e960b0b744d4cf217d10a0b1cd4e06fc35

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2ef07c93a7282f4233a57ab2c381607f

SHA1
296c77dad69f2a7ca3d60f8f9ce4df06faf2cae8

SHA256
6874bda10360539b301d0f0b448b8350888c80a1bc9fcb081140585a407ff64c

SHA512
75874c9dcc546cb5d92b1e10dd69a982b3d11a88ee76b9f14d2e889756b04f558d2b5688d900a53e429f491b433a8010a2f5329f4db260cf6365cbca1f29c9d2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d7ac24bd6d765f73b5aae2c04d3e2425

SHA1
a4ef25808df7efbc0fa3374d626be3f1ed32db12

SHA256
b378031cd694ccad3e8151381609dfaa818505b81c5b44566d8871bfb6718216

SHA512
40c6669fbb211f228b4fc401b2c960f3234f40a2b2effe4db0bda290f2133b4645376b516ceaaa6ddb80304fd3d9e51b31476780f0a0d56e933572d081065505

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
88c6cfdd4d8550291cc176e78d9c1375

SHA1
3edec35d880204ba37b0adb1572cabdf59d1f241

SHA256
2af5598e57cd85648ecb2c7459e0c532e56862c27167a1aecdf9fe3d05a43642

SHA512
e2eac400bf63ef995d52f65d005b36e99b79ffab683d20110e401cd52c9a037f0cfe1e98c9152aed2521784ba4593c8b936b59823ff87a8ecad0f0cd86ff8748

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bf23c414339120de8d3221a03478f48f

SHA1
d87417ebec9c93debb0fb23cbf676440f269bbd4

SHA256
b152ffb9a26392bdc1ac86b2a7701f8662d5905886e85dbfe6ada303e8bddd30

SHA512
c3ddd004800e178d0d92cacc5a814c007d7ab0dc98d8802e271ea86020f190d4b5e9d45659f8c469be8c2b402a93bc8b9a4aaee75dfa6afbb82757a4c38dbf1d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cf17b806eb77fe1b88003041a3274f5f

SHA1
0687bd1c54415140af391334c6ae866ee8e0a6c0

SHA256
cd2311ba973519ecdcf680543417fda097b8a5f1fe425077b4caa9627d58bf3a

SHA512
e883ac669c6af79f212c76d4232a7dc6ea8c6d22e5b4b4f1be54c9f637e8e5852e20d02825febdf242f74366bb9fed58ccbc364f706ac0d9a35accc89c1e0ef1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
92a60892e1c613c63f0ce6d97b94daeb

SHA1
8557c3fc7367416cbbdcbde238e2c7607521a7aa

SHA256
76f8ea3769fc443f8c8872a6e0bcd0f5004941d688d0d8cdfec63797fcb9c3d0

SHA512
997adb4c646a1b5c6d0c6be7dcaa6d59f01b0c1feb96231a71285d6293ed96dd6345b515a43194d4db0a607f3550fa9d814da82a01ad46ff4ba50d191980605f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cd7b31e51ab071fd6eb49f513566581d

SHA1
d6844fcbfc1346edd10578e698a70517f0adc990

SHA256
60dd35c463e256aac9cba0e96576c9162a9f2007668323271750b42909866a30

SHA512
4339ffe09691cac9c299db598c980af2cf94099eee65b71b664e95b211e7195df1da138c176ddc3da846f8fe08a6000bb038dc80206542d80a507200d92e9a66

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7b2e4c0392e3ec4248bb05bdf00926e4

SHA1
2e12b509c8e5a89ace0c18fbda87fb62e7b3f575

SHA256
3d17808af51f7379183846185fda85b724ded1097703600e9b277c0a84a0d4ae

SHA512
388e24d0e99244141c69af2f0f81b346ed5f43812859ba2b720d13693d8d1d63582d7d5780168e053c1e584d16c89343a281acd207fa9f7b73ef3bcfd43d8cbe

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
77a24a853ebc616b5ebba4351ace4e87

SHA1
7f537348fbc24a878cae11cb1f60fe6a7b64f5e7

SHA256
210f1f7a1a398c9c0705562a81ba2111e59e1189e1ae0c4cf04b4429375850f3

SHA512
0530fc273b30a63fe1f962c35fd35b18ae84d12f0341e90da5794c5ffc4d570f600e499e74ea15749700dbc2bb409c28d522f9ee71c2e32519fe178fc68c9dfc

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
91aad0b89347443d7125c0ebb1140fce

SHA1
2bbfe8aeb451bce2287732fe3820a889ee59aa3e

SHA256
cf3e0ae711a7f0a9ff5a1cad721fa3c6cc0e34260fcb6332fae5761a30ff5108

SHA512
ffaa9f5cf8924806c33ff023c90ecb77b1178c8c8af40c8af15403722520645f85e7ee96e090470cc689057f22174d2ce2f9e660f4cf2c601a771838a3d4df32

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b22c9e9e44496231863ee5e29d0bb0c7

SHA1
b9c67dc720cd3e401efb2e3ed3086401d0b3550c

SHA256
1c5dc9b75e01717559468951ede33fda2be4ba2ac137a8bbccbe178ba5e21813

SHA512
ecfc43aef5ad47a680d871eae76c3a75f4e43f1a34876b6a01e1f97a52c4892836f08f89ac0a2227dc4de994d567633ae2578f3f28a10390e45406e9b0ff4bca

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
50f4dbf86523251621f8e4a132b9545d

SHA1
69ed465979ead6b2fcd752875f1ed366d4edb5ab

SHA256
25b18e5348626a5b1155eebe647bb56c7f122506a5c4e287869d4244601f7217

SHA512
1a7dd58c99eef2abbc97cfdb7bab294361f9c2ebe682792291747904c4e29d1ec66b5f837b15e61fcab0eba8a0aa1012df30f23095876895038872f642fbaf42

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7d721662b506b0fed7864b30d330d1d4

SHA1
ad8882c5435b262c0077729108518b25985ed6a0

SHA256
63556e696c35613a1d2008017dd0c1f9979c2414a69d607e2fa7878e0c0714c8

SHA512
5548756fd7ab6ecccdcb56b49a1aee82c864bbaeb7db10536f4c28a3cec4d068796507dd872200f8573148d558fd8f3010b8847bce8b99704e3a5a66e866e650

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
329d74e0e5951ccc392f9382f3204135

SHA1
6b838fadb8de3b58547f43b2f8fdacf87138fa23

SHA256
f6361ba0591e66661a244f4b7ffd87ecc9e7d092ed40cee9639f2490fdd96414

SHA512
9bd8e78502b650cadf389a83dcda6d38004abb688c9cc7fa040192ca2f15f8421e5fcc1e13669b1c33f23f462ea3313accdd00a4c45e8247abbf5f6b2c6300aa

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e8b39eb65dc89b799cf7f9fb2e3a278c

SHA1
94f0779593131a0c747cb187f9f5b7b16f9f2b7e

SHA256
f716854a105887ed680caa4387c10ab868c98b31d8951da94b7b17f6827a3c44

SHA512
82dc6b522718b84c6b139393f8f1b699d22a33b90baf8bb10e043e163ab6c97c46c86d7d48be1576ad9607c5d91e7c1cd61c52f279dd9d93a9998fe844461d62

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ec5e81d731d487e1f797d38a8940927f

SHA1
6d27a54b9c7ad116a9db79edf0dd3e308e9fe00c

SHA256
64cc75a4e063d2a7a16a198063591decc3fe899787ea63a997f161e1120ba298

SHA512
dda69f8b5ec261d08114f3a2baedcb8ba42e79ce2768956bc76115b1e9d19e5fc7f505ef61614b6aa79c8d9322906628616a1fd137cef2d76c49360bcd30253c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fcc022c6894a81a013ba23ff40eb63ef

SHA1
f674678048d3a1fcd3090d73eea6fb36be2243fc

SHA256
6ba40c8773e88d3bed14e7406f6e896ebb8e462b48252ce3dcd3d96364e76b9a

SHA512
df2ad3e8f28daa60521d0b8e3caa816ae6b2cf8d9ac80279703f9570ad26e3b777a4f6f7024cf4b5b98e17488b7f5b6ad7985701bb39f31c5fff3a578f4f0f60

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6bc2c998e455422b6b6e8c0cccbf6333

SHA1
21e2e32f7cbc8d5805c3958f995e1113f690f4ff

SHA256
30540f42f52c707b342afd9ea2ebb2f1f0a18788a964b9736a6bad6820cd34f5

SHA512
07bd46371e7e9cb5bdbeb5dcf60d6c595e3823e03ba57958c87e505bc111784f7486184b5534ad4f00ca190aeed1e6bf13fd8ddf2b0c29817982caf613776c85

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
411760ceb038ae765495eb0c69b3c837

SHA1
2aa25cf66dfa25460e9bab67b78065df18fb1ad9

SHA256
13ee0635b0a7b9ffdc4efade1d32d16cbe97e73dd7f816df7ab0811a618856c8

SHA512
1cd40bcec15357a0febb5cef93970977e78becf63949621949687eb4a46a3b7cdc40a16b23ea8afe1df50818ab99ad18f3a7d7561f9a8081086faa9cfda3c1a1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7a0ada079586ba69f9d9c0c5e5352b59

SHA1
04d8267b44f6fd4997fa5ad23f956da17496821f

SHA256
cf24720c1e84b064ff1cc6f43bbfd477eae1854281a0ef712f0223f7d93d3fc3

SHA512
fb39d58f1f2a8f7bd5fa9d2808b998ce811aa9e56ebe0f11b96f133a38c3df7fcfac845c51dd5ff3cd4aa40eeff46aa6414f0f652c3769d9b37e58ec32370908

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8f2eecb8967d96361f5ecfea2ae7b4ff

SHA1
99e5f7181c8203f776cd1796f39c41149a351b81

SHA256
60bc2a1ff013c9a4df18a8340a242d00baeb46799e652ccf1d4144709b8dba71

SHA512
5f29d753d41963b81dbcf21ea8e5c661b7479df3ba9b5fb2ee2f093b1c3afd25de66e9911d7872453aecc94bdbdfa900bfba5706368986df586df903af49a2e8

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7b7439bb0226af4369624a6756e946c8

SHA1
b5d602fbbaa11b3b0f7df7a89b1ac9f3af1ad5bc

SHA256
081ef6501c1f060410ae4f0832272fdea270bbbe73efefdd5786e1f81bd94a75

SHA512
5708cce8ce793d5ea81802b0259739f1bc2645762d7c88deef1ab02a22fa42175976415db050b4efb142e0ee777282366d91ecc59e77d9b69fdf77d97265583b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
862d2bb5ed0999f009fc4d3691e8cf7d

SHA1
cc2a981b600ba365b3657070b61bcaf152e44795

SHA256
601030bb9a93bbeaa75f7c74683b451f9c9cbfa78e33a7116d53be9771a3e957

SHA512
4f2c115cfcb349f63112aeb21e8114c618edd57b0aa8a5fd4a824b9af8b571b9485fc9c3f599a8b1a542232f9153a1927588a2271bac85a3556ac62f2d43a660

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f5aa07478e763d908b72a7ef85c458e7

SHA1
aed27702cc57427c3b1013b26b4f45ac1cb0161c

SHA256
b6083f1aed78954c3a97de9787d8e268dcc594615b2cdc56cb0d01ca13e2fefd

SHA512
4dd9b831ff337f3888e50b330d75334cb46ef580cf7072b89b79c575bfbb7a04768d3dd9935b4b956c5f314ddf9fba7ec93bce3857e95fe7d7d20a465d63e6a7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\Inst.dll.zip

Filesize
227KB

MD5
9e33646f792d18e8d320d421d0e86f91

SHA1
eaa4b940bb6fde1e5ef6d1d20fff5eae61a8a30c

SHA256
35f5b313dff7e4c899b05c76c3fd1b7c53bf40315ebdf88c67c97a71ad502470

SHA512
2d14ce60618e6c016157a28b7e316e608cc5a6ada5cb3dc0fd1b1890b8e1a9dc997085fed8a38bfb2b1774f7acc7ccfe0cb3716ac09aec453cd7ff05c7d9f040

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\Inst64.dll.zip

Filesize
256KB

MD5
09bbdd347d001c2fa5f9a93fa24a1557

SHA1
9866c4ebf02d0ec14f7e98c267e2d8a97c2e0075

SHA256
7f6a4740d4c51744adae6e6c629b39b20b9eabde064005ac4da7a1d00d9e0d3e

SHA512
a10ce8fdac3af65476ca8fdc604f4e570eaf7e1847d25c7613bd9dd188dd5011d5287ad489451c0a2dd63943da5c4b36fc37575c3320551033073afd642c269b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib.dll.zip

Filesize
163KB

MD5
b544fdb8ed32f63bc866c34f5f784e27

SHA1
d5d93e2c968aee66618931029c53c5dbaffd6579

SHA256
41ef8a7cbad8b57b8a22d4b489a113053ff91b101218ef44e90333460d98f7ae

SHA512
6eef5930593718a6e1a913373b11ebb62c8b1033ab72b6010abd6cb7005162a770a9d7fb2ca67a48acafe797498e867ec4f5a3bb2267f89369cf97f12858fc51

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib64.dll.zip

Filesize
194KB

MD5
2e8dbd4025bd89af0cb59d4b32f21d8e

SHA1
07028b321f3f8491c27917ab23e1eea4db4278f8

SHA256
49dfe11d102cbff04dac3a73491c0d24968cb522bb23c4f99c0e78cc6e1a50d6

SHA512
36250fc011adcf87c495c33b13bc0a4076d1c3f1cd5c87d2a3747374adf4df4c8276199ad7d53d27edf1bce320c978a6fe3c0309451cc7cf4c267c7d45281bd6

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\local.dat.zip

Filesize
277B

MD5
1240ee97fcc39cfb374ad71d463eac5c

SHA1
2d4652ae04561cd5e9e1087bb0279c09ff3b041f

SHA256
e973603e6d29ec5f1fce5ddb9632b22f374d22884eca3b00572c2c4a3fb4ac20

SHA512
e9cbe31873245517c33d503727c60c9f04f90b62bf0a4337d706ac6282613f7c401b39dfbff5d8c9216ebafdc5134cf015afcaa2edce6038b730fac651f2a6e0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi.dll.zip

Filesize
109KB

MD5
24db7bdfedf06df16dbee0ff70595983

SHA1
9a9637567b907ab3a07504e0f962c8d3f5ec41eb

SHA256
23cb642df209c3e459337e3bb67537c9819719068bf494ff280e1e1543c154b2

SHA512
8cb2da401ddb09e668a4112321bbcc5f056e64ae309d1cd8bcea8e7706bcec989a1156c312988b67fcb7286f9d4f7c1eba444b1e1b2b21a3fabd72acb7f7dfab

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi.dll.zip

Filesize
109KB

MD5
67cfda43ab528e12a46745fe07fd6833

SHA1
83afeb4a51f28576a320158ab8309b5e3949cb59

SHA256
c4e1b4a132f9f786c6a2081529b4826dd56d06d80b5c9b1c628571b93b419ea2

SHA512
da1cdcedd09271a9fd9b71266a849643d27299653f8b858d0ae31c02bc94da77f8abf53259bdf9e964baa84f4eabe8c8106bca4c638838baf451680db450cb32

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi64.dll.zip

Filesize
121KB

MD5
c181ce250513ee3a2d885bf49618ca95

SHA1
16f4248f6e9ccce8eff4b571b9beeb1f980675e2

SHA256
e92b0d95126aabcadb814ef2bcf623855177591f2f709930dc6a2f3896427df0

SHA512
25a9a1a072f9603d22db205c915bdafa46605705e7f377f089f069c3df843da9991432df921da472be5fbfc0b7f84ebab3fc71204988e9269c01d04e3f08eaf7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvihp.dll.zip

Filesize
121KB

MD5
a8d7d38b1e8b465b46dd5ccf64ae8738

SHA1
8643a06d7ad40e3a89fa548ce26bbe7212d31cac

SHA256
2457085c1b5d0eb2badfd885fd935c9c4f3004cfb12ad46f7e7e3f83b07de76e

SHA512
2cd6b4886bc50f5b221645aadb1876f9ccdc67db46b70d4d7cb38730709a6d434447134adf91db4f0c55c3bea0c078a089a7b7ad2f974e007b1c4b5f1791aaa3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvihp64.dll.zip

Filesize
133KB

MD5
eac088bf451197755a03bf6f18d751b5

SHA1
e9418ca9c9ef8377a81eaf345c22ec4c28684a1d

SHA256
436f67cb27ff36fa03272283c47c550b1afa4913d1a3a86f887ceed0b0cd6447

SHA512
baa99f8bffda659c05f23b9aa979663131f1d12e4fd8be1aae8ff1b20483902c22b0f4ceeed905ae2d55bdd42a85af3d1489130d51012e67500d25fc8d86a185

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\openvi.exe.zip

Filesize
132KB

MD5
b58c430e86293a0752b3e166db71f549

SHA1
d6cb4218d54cf5cf603f8737ae6fd2c4df54231c

SHA256
e26d7b5dac90ed0c8c5a9f5f75e0c202ec82a9e01da8c8a3d98d0752c490b0f8

SHA512
1938a8676dad653672d70f0298ddcba50ff84ba0400e9620df4b2124a2d4242124fdab71a311bc97508a9d2bc89c5c92f3e9b2f436cf7350db521c6f6ff79735

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\updatepolicy.xml.zip

Filesize
335B

MD5
a4cb312a269634dd60c93b157b38b5b6

SHA1
818c009e9106b8da0b3632ea16c34f4557ce4114

SHA256
d1993e9d7fc7bde942a11a475d0b6b38a7c21b4d99fa783bda75c414f7a98696

SHA512
e3728394455723302841b403ba61774b31ba6413e4337781ef4f6cff478085bd96d82592c44c2cf17629a5113545b4e6cc056e76d056606c7fc347ef2d1255ba

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml

Filesize
320B

MD5
eaf21d79975b7c9ecc0dead865a47911

SHA1
3fbf3c09259b2b0abc74ab10dd4d582b2c7c7fc3

SHA256
9be13a9911a460901a10eba1321f7a2564e8530f6c2d3d4004018885f8eb51a8

SHA512
cb5cc7cbe472f279b0a2849c3bdcfe652480dc2e8d49b940fde2768e390c7f126b5ff9dd9af2c47153a6903ff8b7859441ef70747d910e357c602bf808ebdfa7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\local.dat

Filesize
184B

MD5
515934c8bcc2406da8a735cef587a425

SHA1
c8840716e50a9450dc6d3840fe754bcb445bb96e

SHA256
2819fb6b8186e047e09b91fe5701681538dcb913a2bdcdadac93cce9b5b5dcde

SHA512
914c4b8586d55fbff9a7de6830f706082f34212ca6a70107759ec0fb91ccd24248331200b0c712fbdf1b349a1f7941cc44dc4c35b6f58dd6f8797bb40e568693

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\nvi.dat

Filesize
351B

MD5
54d1f085a47425dc101601cbfbe40447

SHA1
d99807affd65484a9cae4bf695a494ceac5a7c79

SHA256
0392b75e2940b19eeeff4ae0bacc317596d7a71d1eaab8dcb11c9e5938db3230

SHA512
34815e750dae0208016a920e043aade582c8e3c2a404f220302dc4201649967d6a6de4f74b32ddae3e6ca66a49f96fc157a60b27090ce0f95cb42ee42a41887f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe

Filesize
11.6MB

MD5
99dd194b2873b9f84af82562ea82f76e

SHA1
fccdfb8b701dcfcff516fe1b91e628aacae9d971

SHA256
4791757cfc6d155df21db4ae0470268e1f91328a7a88407c85b486d981999e4f

SHA512
03a40ec37d0ebb29e0ef7a5f6458887c38f27d8c0cc14f0f4f0edfc0a35cbe4b84dace9eba70e943904a83b4b599bf08aa9552b0e0f389ff6c894b29edca1ab4

Download Submit
C:\Users\Admin\Desktop\bacdau.nvi

Filesize
172B

MD5
bcc08d0501b43029b9b705f920dd7704

SHA1
70bb6a66efd51c0d65b7b62c959124d8af070abe

SHA256
3d01d6cca4f8f7f7c1c5490a00e47bf33d362a4db10aabeb9b16cfe848994c47

SHA512
1bb92838458226e29cabb2b48bc65555e62870378dc9b3519efefea41a73252ba66a870df910680f13f5b5a4e252e59c3549d92842c8989bc95b7cf5c817ac15

Download Submit
memory/2956-28-0x0000000074FC0000-0x0000000074FCA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads