a6b304da706f65520019273d5f35dc9ede582febfe9e9a1d87c482eb46433256

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2025, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
Size

1.0MB
MD5

7e81e8492efb9fc3c9659110dc086afe
SHA1

7fa61b56f596e96db069874559f2c295615397f6
SHA256

5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714
SHA512

d9e6336e5d22e6b7360118f40d8badc5d8390faa40c0bcd1c59ef1fd4a5d993acd59512b1d3cf5c0b8851dd1c59f055d6bf25b5ec1d3f9fcd6a0ea323e575390
SSDEEP

24576:H8RhrEtJNzrcPxtakUuy5OKwId/mz6tXn/xfg1drcUl4lbHK3:c6zrc/atMK1dfHy/kbHi

Score

7^/10

bootkit discovery persistence privilege_escalation upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral23/files/0x0007000000024272-24.dat	acprotect

Checks computer location settings 2 TTPs 62 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	openvi.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
4672	openvi.exe
4784	openvi.exe
2216	appupdater.exe
2460	openvi.exe
5560	openvi.exe
3040	openvi.exe
2596	appupdater.exe
4356	openvi.exe
2808	openvi.exe
4232	openvi.exe
4568	appupdater.exe
3468	openvi.exe
5684	openvi.exe
2300	appupdater.exe
1104	openvi.exe
5004	openvi.exe
1116	openvi.exe
1308	appupdater.exe
5684	openvi.exe
2076	openvi.exe
1044	appupdater.exe
436	openvi.exe
3144	openvi.exe
4768	appupdater.exe
6452	openvi.exe
6760	openvi.exe
6776	appupdater.exe
5980	openvi.exe
6536	openvi.exe
6552	appupdater.exe
4028	openvi.exe
6240	openvi.exe
5660	openvi.exe
6588	appupdater.exe
6584	openvi.exe
6404	openvi.exe
6448	openvi.exe
6504	appupdater.exe
2404	openvi.exe
6480	openvi.exe
4176	openvi.exe
6964	appupdater.exe
6924	openvi.exe
936	openvi.exe
4176	appupdater.exe
7336	openvi.exe
7636	openvi.exe
8084	openvi.exe
8100	appupdater.exe
7344	openvi.exe
7960	openvi.exe
7252	openvi.exe
7276	appupdater.exe
8156	openvi.exe
4432	openvi.exe
7620	appupdater.exe
8176	openvi.exe
8168	appupdater.exe
8152	openvi.exe
7968	openvi.exe
7608	openvi.exe
8076	appupdater.exe
8536	openvi.exe
8800	openvi.exe

Loads dropped DLL 64 IoCs

pid	Process
1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
4784	openvi.exe
4784	openvi.exe
4672	openvi.exe
4672	openvi.exe
4672	openvi.exe
4672	openvi.exe
2460	openvi.exe
2460	openvi.exe
2460	openvi.exe
2460	openvi.exe
5560	openvi.exe
5560	openvi.exe
5560	openvi.exe
5560	openvi.exe
3040	openvi.exe
3040	openvi.exe
3040	openvi.exe
3040	openvi.exe
4356	openvi.exe
4356	openvi.exe
4356	openvi.exe
4356	openvi.exe
2808	openvi.exe
2808	openvi.exe
2808	openvi.exe
2808	openvi.exe
4232	openvi.exe
4232	openvi.exe
4232	openvi.exe
4232	openvi.exe
3468	openvi.exe
3468	openvi.exe
3468	openvi.exe
3468	openvi.exe
5684	openvi.exe
5684	openvi.exe
5684	openvi.exe
5684	openvi.exe
1104	openvi.exe
1104	openvi.exe
1104	openvi.exe
1104	openvi.exe
5004	openvi.exe
5004	openvi.exe
5004	openvi.exe
5004	openvi.exe
1116	openvi.exe
1116	openvi.exe
1116	openvi.exe
1116	openvi.exe
5684	openvi.exe
5684	openvi.exe
5684	openvi.exe
5684	openvi.exe
2076	openvi.exe
2076	openvi.exe
2076	openvi.exe
2076	openvi.exe
436	openvi.exe
436	openvi.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe
File opened for modification	\??\PhysicalDrive0	openvi.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral23/files/0x0007000000024272-24.dat	upx
behavioral23/memory/1016-28-0x0000000074B40000-0x0000000074B4A000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appupdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openvi.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\nvifile\shell\open\command	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\DragDropHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\.nvi\ = "nvifile"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi64.dll"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\nvifile\Shellex\IconHandler\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\DragDropHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\.nvi\ = "nvifile"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\DragDropHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\nvifile\Shellex\IconHandler	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\.nvi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32\ThreadingModel = "Apartment"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\shellex\CopyHookHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\Background\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Folder\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Directory\ShellEx\CopyHookHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\nvifile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.ico"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InProcServer32	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Drive\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\shellex\ContextMenuHandlers\.webnavi\ = "{71748560-AA80-4469-9C1D-29A66233974C}"	openvi.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\*\ShellEx\ContextMenuHandlers\.webnavi	openvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\WOW6432Node\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\webnavi\\nvi.dll"	openvi.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 4672	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	90
PID 1016 wrote to memory of 4672	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	90
PID 1016 wrote to memory of 4672	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	90
PID 1016 wrote to memory of 4784	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	91
PID 1016 wrote to memory of 4784	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	91
PID 1016 wrote to memory of 4784	1016	5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe	91
PID 4784 wrote to memory of 2216	4784	openvi.exe	92
PID 4784 wrote to memory of 2216	4784	openvi.exe	92
PID 4784 wrote to memory of 2216	4784	openvi.exe	92
PID 4672 wrote to memory of 5584	4672	openvi.exe	93
PID 4672 wrote to memory of 5584	4672	openvi.exe	93
PID 5584 wrote to memory of 4588	5584	msedge.exe	95
PID 5584 wrote to memory of 4588	5584	msedge.exe	95
PID 4672 wrote to memory of 2460	4672	openvi.exe	96
PID 4672 wrote to memory of 2460	4672	openvi.exe	96
PID 4672 wrote to memory of 2460	4672	openvi.exe	96
PID 2460 wrote to memory of 5704	2460	openvi.exe	98
PID 2460 wrote to memory of 5704	2460	openvi.exe	98
PID 2460 wrote to memory of 5560	2460	openvi.exe	100
PID 2460 wrote to memory of 5560	2460	openvi.exe	100
PID 2460 wrote to memory of 5560	2460	openvi.exe	100
PID 5584 wrote to memory of 1916	5584	msedge.exe	103
PID 5584 wrote to memory of 1916	5584	msedge.exe	103
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104
PID 5584 wrote to memory of 3080	5584	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe
"C:\Users\Admin\AppData\Local\Temp\5b25182d96ac6fca82ecb8f99198295f45bf8fceea3fb196beb2a4e7bc862714.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
  "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2a0,0x7ffa572bf208,0x7ffa572bf214,0x7ffa572bf220
      4⤵
      PID:4588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1760,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:3
      4⤵
      PID:1916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3772,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:2
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2036,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
      4⤵
      PID:2668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3120,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:1
      4⤵
      PID:2888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=2344,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
      4⤵
      PID:4204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3128,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5072,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5228,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
      4⤵
      PID:1980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3440,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:4184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5356,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:1
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5816,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:1
      4⤵
      PID:2236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5984,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:1
      4⤵
      PID:4848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6172,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:1
      4⤵
      PID:4676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6356,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
      4⤵
      PID:1184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6512,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6688,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6756,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
      4⤵
      PID:5156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7120,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:1
      4⤵
      PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7560,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:1
      4⤵
      PID:3740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7736,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:1
      4⤵
      PID:6220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=8052,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8076 /prefetch:1
      4⤵
      PID:6516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=8312,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8288 /prefetch:1
      4⤵
      PID:7108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=8208,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8616 /prefetch:1
      4⤵
      PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=8812,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8816 /prefetch:1
      4⤵
      PID:6984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=9068,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9108 /prefetch:1
      4⤵
      PID:1204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=9272,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9356 /prefetch:1
      4⤵
      PID:6484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=9588,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9616 /prefetch:1
      4⤵
      PID:6808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=9860,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9884 /prefetch:1
      4⤵
      PID:6768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=10032,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10052 /prefetch:1
      4⤵
      PID:5456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=10400,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10308 /prefetch:1
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=10640,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10652 /prefetch:1
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=10892,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10908 /prefetch:1
      4⤵
      PID:6912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=11260,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:1
      4⤵
      PID:3036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=11476,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:1
      4⤵
      PID:7132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=11820,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=11864 /prefetch:1
      4⤵
      PID:7196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=12172,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12180 /prefetch:1
      4⤵
      PID:7464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=11984,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12440 /prefetch:1
      4⤵
      PID:7940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=12692,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12680 /prefetch:1
      4⤵
      PID:7484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=12952,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12960 /prefetch:1
      4⤵
      PID:7720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=13192,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=13200 /prefetch:1
      4⤵
      PID:7916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=13216,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=13376 /prefetch:1
      4⤵
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=13104,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=13544 /prefetch:1
      4⤵
      PID:7976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=13812,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=13524 /prefetch:1
      4⤵
      PID:7956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=14056,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14180 /prefetch:1
      4⤵
      PID:7248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=14440,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14164 /prefetch:1
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=14824,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14832 /prefetch:1
      4⤵
      PID:7932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=14828,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14572 /prefetch:1
      4⤵
      PID:8392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=15224,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15200 /prefetch:1
      4⤵
      PID:8660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=15560,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15588 /prefetch:1
      4⤵
      PID:9144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=15712,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15724 /prefetch:1
      4⤵
      PID:8404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=16088,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16108 /prefetch:1
      4⤵
      PID:9024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=16348,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16332 /prefetch:1
      4⤵
      PID:8432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=16656,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16652 /prefetch:1
      4⤵
      PID:8852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=16856,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16716 /prefetch:1
      4⤵
      PID:7984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=17148,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=17164 /prefetch:1
      4⤵
      PID:8272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=17396,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=17428 /prefetch:1
      4⤵
      PID:8232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=17404,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16968 /prefetch:1
      4⤵
      PID:8456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=17744,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=17852 /prefetch:1
      4⤵
      PID:9388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=18116,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18016 /prefetch:8
      4⤵
      PID:9636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=18120,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18012 /prefetch:8
      4⤵
      PID:9648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=18128,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18176 /prefetch:8
      4⤵
      PID:9656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=18232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18248 /prefetch:1
      4⤵
      PID:9764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=18208,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18240 /prefetch:1
      4⤵
      PID:10148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=18588,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:1
      4⤵
      PID:9892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=18804,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18812 /prefetch:1
      4⤵
      PID:8544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=19012,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18972 /prefetch:1
      4⤵
      PID:9048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=19244,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19164 /prefetch:1
      4⤵
      PID:8492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=19016,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19480 /prefetch:1
      4⤵
      PID:9800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=19768,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19508 /prefetch:1
      4⤵
      PID:9772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=20044,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20036 /prefetch:1
      4⤵
      PID:9888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=20256,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20116 /prefetch:1
      4⤵
      PID:9256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=20520,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20516 /prefetch:1
      4⤵
      PID:10100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=20692,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20728 /prefetch:1
      4⤵
      PID:10160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=20724,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20932 /prefetch:1
      4⤵
      PID:10700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=20956,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=21272 /prefetch:1
      4⤵
      PID:10964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=21520,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=21524 /prefetch:1
      4⤵
      PID:10440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=21444,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=21816 /prefetch:1
      4⤵
      PID:10800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=21952,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22060 /prefetch:1
      4⤵
      PID:10468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=22316,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22344 /prefetch:1
      4⤵
      PID:10976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=22532,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22320 /prefetch:1
      4⤵
      PID:10460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=22832,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22720 /prefetch:1
      4⤵
      PID:10464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=23064,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22936 /prefetch:1
      4⤵
      PID:11140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=23072,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22668 /prefetch:1
      4⤵
      PID:11128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=23560,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23480 /prefetch:1
      4⤵
      PID:11156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=23808,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23820 /prefetch:1
      4⤵
      PID:10852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=24060,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23964 /prefetch:1
      4⤵
      PID:11752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=24316,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=24352 /prefetch:1
      4⤵
      PID:12068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=24560,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=24564 /prefetch:1
      4⤵
      PID:11504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=24872,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=24736 /prefetch:1
      4⤵
      PID:11968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=25128,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25132 /prefetch:1
      4⤵
      PID:11496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --always-read-main-dll --field-trial-handle=25440,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25448 /prefetch:1
      4⤵
      PID:12104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=25676,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25652 /prefetch:1
      4⤵
      PID:11588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=25948,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25664 /prefetch:1
      4⤵
      PID:12272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=26076,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26184 /prefetch:1
      4⤵
      PID:11396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=26420,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26424 /prefetch:1
      4⤵
      PID:12124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --always-read-main-dll --field-trial-handle=26668,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26696 /prefetch:1
      4⤵
      PID:12520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=26920,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26948 /prefetch:1
      4⤵
      PID:13028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=27116,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27092 /prefetch:1
      4⤵
      PID:13300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --always-read-main-dll --field-trial-handle=27420,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27444 /prefetch:1
      4⤵
      PID:12516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=27684,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27712 /prefetch:1
      4⤵
      PID:13068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=27976,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27984 /prefetch:1
      4⤵
      PID:12664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=28124,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28104 /prefetch:1
      4⤵
      PID:11732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=28352,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28356 /prefetch:1
      4⤵
      PID:12892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --always-read-main-dll --field-trial-handle=28720,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28692 /prefetch:1
      4⤵
      PID:11800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --always-read-main-dll --field-trial-handle=28972,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28736 /prefetch:1
      4⤵
      PID:11480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --always-read-main-dll --field-trial-handle=29184,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=29112 /prefetch:1
      4⤵
      PID:12700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=29384,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=29472 /prefetch:1
      4⤵
      PID:13452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --always-read-main-dll --field-trial-handle=29716,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=29740 /prefetch:1
      4⤵
      PID:13876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --always-read-main-dll --field-trial-handle=30028,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30048 /prefetch:1
      4⤵
      PID:12932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30320,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30340 /prefetch:8
      4⤵
      PID:13588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30328,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30396 /prefetch:8
      4⤵
      PID:13660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30368,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30444 /prefetch:8
      4⤵
      PID:13668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=30420,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30864 /prefetch:8
      4⤵
      PID:13908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --always-read-main-dll --field-trial-handle=4800,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=31328 /prefetch:1
      4⤵
      PID:9640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --always-read-main-dll --field-trial-handle=31580,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=31544 /prefetch:1
      4⤵
      PID:13676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --always-read-main-dll --field-trial-handle=30852,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30180 /prefetch:1
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31552,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32048 /prefetch:8
      4⤵
      PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31552,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32048 /prefetch:8
      4⤵
      PID:3792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=32288,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32296 /prefetch:1
      4⤵
      PID:13704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --always-read-main-dll --field-trial-handle=12648,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12624 /prefetch:1
      4⤵
      PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --always-read-main-dll --field-trial-handle=29976,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28196 /prefetch:1
      4⤵
      PID:13700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=31096,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23752 /prefetch:8
      4⤵
      PID:14068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --always-read-main-dll --field-trial-handle=31104,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22268 /prefetch:1
      4⤵
      PID:4572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --always-read-main-dll --field-trial-handle=31044,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=22740 /prefetch:1
      4⤵
      PID:14292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --always-read-main-dll --field-trial-handle=31964,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=31948 /prefetch:1
      4⤵
      PID:13604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=21688,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32528 /prefetch:8
      4⤵
      PID:14764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --always-read-main-dll --field-trial-handle=23740,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=31796 /prefetch:1
      4⤵
      PID:14836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --always-read-main-dll --field-trial-handle=29360,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=29408 /prefetch:1
      4⤵
      PID:14724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --always-read-main-dll --field-trial-handle=22460,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32664 /prefetch:1
      4⤵
      PID:13688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --always-read-main-dll --field-trial-handle=27584,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12352 /prefetch:1
      4⤵
      PID:14496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --always-read-main-dll --field-trial-handle=22796,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28188 /prefetch:1
      4⤵
      PID:14448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4100,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:2
      4⤵
      PID:15108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3920,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:2
      4⤵
      PID:15080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --always-read-main-dll --field-trial-handle=30600,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30060 /prefetch:1
      4⤵
      PID:13404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=27972,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28208 /prefetch:8
      4⤵
      PID:7688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4372,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=31220 /prefetch:8
      4⤵
      PID:12348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --always-read-main-dll --field-trial-handle=3132,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:1
      4⤵
      PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --always-read-main-dll --field-trial-handle=13536,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20904 /prefetch:1
      4⤵
      PID:8088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --always-read-main-dll --field-trial-handle=31060,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28536 /prefetch:1
      4⤵
      PID:11316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --always-read-main-dll --field-trial-handle=4764,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26892 /prefetch:1
      4⤵
      PID:8168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --always-read-main-dll --field-trial-handle=26352,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28532 /prefetch:1
      4⤵
      PID:8108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --always-read-main-dll --field-trial-handle=5036,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30276 /prefetch:1
      4⤵
      PID:9100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --always-read-main-dll --field-trial-handle=10276,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30608 /prefetch:1
      4⤵
      PID:6344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --always-read-main-dll --field-trial-handle=30352,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30732 /prefetch:1
      4⤵
      PID:8892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --always-read-main-dll --field-trial-handle=25896,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:8148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --always-read-main-dll --field-trial-handle=25912,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27332 /prefetch:1
      4⤵
      PID:7820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --always-read-main-dll --field-trial-handle=25244,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25256 /prefetch:1
      4⤵
      PID:7708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --always-read-main-dll --field-trial-handle=25284,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25272 /prefetch:1
      4⤵
      PID:11832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --always-read-main-dll --field-trial-handle=25024,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=24268 /prefetch:1
      4⤵
      PID:8752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --always-read-main-dll --field-trial-handle=23232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23240 /prefetch:1
      4⤵
      PID:9980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=3880,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:2
      4⤵
      PID:13940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --always-read-main-dll --field-trial-handle=3872,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1
      4⤵
      PID:13656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --always-read-main-dll --field-trial-handle=30656,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:1
      4⤵
      PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --always-read-main-dll --field-trial-handle=30700,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30676 /prefetch:1
      4⤵
      PID:7840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --always-read-main-dll --field-trial-handle=27272,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:7836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --always-read-main-dll --field-trial-handle=25628,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25552 /prefetch:1
      4⤵
      PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --always-read-main-dll --field-trial-handle=30764,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30440 /prefetch:1
      4⤵
      PID:15292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --always-read-main-dll --field-trial-handle=22300,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=28188 /prefetch:1
      4⤵
      PID:10380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --always-read-main-dll --field-trial-handle=30760,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:1
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --always-read-main-dll --field-trial-handle=5444,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:1
      4⤵
      PID:11176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --always-read-main-dll --field-trial-handle=6124,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:1
      4⤵
      PID:8300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --always-read-main-dll --field-trial-handle=5688,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:1
      4⤵
      PID:15236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --always-read-main-dll --field-trial-handle=30608,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30604 /prefetch:1
      4⤵
      PID:5460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --always-read-main-dll --field-trial-handle=30740,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9492 /prefetch:1
      4⤵
      PID:3820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --always-read-main-dll --field-trial-handle=27636,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27412 /prefetch:1
      4⤵
      PID:6828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --always-read-main-dll --field-trial-handle=4968,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=27596 /prefetch:1
      4⤵
      PID:12364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --always-read-main-dll --field-trial-handle=3428,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=24256 /prefetch:1
      4⤵
      PID:7704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --always-read-main-dll --field-trial-handle=24032,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=23504 /prefetch:1
      4⤵
      PID:13576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --always-read-main-dll --field-trial-handle=21696,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=21756 /prefetch:1
      4⤵
      PID:14356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --always-read-main-dll --field-trial-handle=21232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=21216 /prefetch:1
      4⤵
      PID:9820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --always-read-main-dll --field-trial-handle=20864,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20548 /prefetch:1
      4⤵
      PID:4992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --always-read-main-dll --field-trial-handle=20232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=20200 /prefetch:1
      4⤵
      PID:1628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --always-read-main-dll --field-trial-handle=19716,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19700 /prefetch:1
      4⤵
      PID:10352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --always-read-main-dll --field-trial-handle=19176,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19144 /prefetch:1
      4⤵
      PID:4076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --always-read-main-dll --field-trial-handle=18156,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18228 /prefetch:1
      4⤵
      PID:12956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --always-read-main-dll --field-trial-handle=18096,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=18196 /prefetch:1
      4⤵
      PID:12896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --always-read-main-dll --field-trial-handle=17364,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=17176 /prefetch:1
      4⤵
      PID:1620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --always-read-main-dll --field-trial-handle=16996,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15156 /prefetch:1
      4⤵
      PID:14504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --always-read-main-dll --field-trial-handle=16284,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16272 /prefetch:1
      4⤵
      PID:15228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --always-read-main-dll --field-trial-handle=15804,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15780 /prefetch:1
      4⤵
      PID:14452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --always-read-main-dll --field-trial-handle=15288,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15268 /prefetch:1
      4⤵
      PID:13444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --always-read-main-dll --field-trial-handle=14804,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14780 /prefetch:1
      4⤵
      PID:12400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --always-read-main-dll --field-trial-handle=14144,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14128 /prefetch:1
      4⤵
      PID:11724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --always-read-main-dll --field-trial-handle=13616,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=13604 /prefetch:1
      4⤵
      PID:14352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=191 --always-read-main-dll --field-trial-handle=25232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=25384 /prefetch:1
      4⤵
      PID:14252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --always-read-main-dll --field-trial-handle=25636,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12848 /prefetch:1
      4⤵
      PID:14860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=193 --always-read-main-dll --field-trial-handle=12040,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=12016 /prefetch:1
      4⤵
      PID:5976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --always-read-main-dll --field-trial-handle=11672,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=11492 /prefetch:1
      4⤵
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --always-read-main-dll --field-trial-handle=11184,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:1
      4⤵
      PID:5704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --always-read-main-dll --field-trial-handle=10776,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10804 /prefetch:1
      4⤵
      PID:9416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --always-read-main-dll --field-trial-handle=10320,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=10180 /prefetch:1
      4⤵
      PID:9956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --always-read-main-dll --field-trial-handle=9796,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9580 /prefetch:1
      4⤵
      PID:14544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --always-read-main-dll --field-trial-handle=9048,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=9576 /prefetch:1
      4⤵
      PID:14456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --always-read-main-dll --field-trial-handle=8560,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1
      4⤵
      PID:8220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=201 --always-read-main-dll --field-trial-handle=8016,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:1
      4⤵
      PID:12144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=202 --always-read-main-dll --field-trial-handle=7492,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:1
      4⤵
      PID:8560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=203 --always-read-main-dll --field-trial-handle=7476,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:1
      4⤵
      PID:12116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=204 --always-read-main-dll --field-trial-handle=32784,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32796 /prefetch:1
      4⤵
      PID:13072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=205 --always-read-main-dll --field-trial-handle=32832,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=32972 /prefetch:1
      4⤵
      PID:1276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=206 --always-read-main-dll --field-trial-handle=33116,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=33128 /prefetch:1
      4⤵
      PID:13796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --always-read-main-dll --field-trial-handle=33296,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=33316 /prefetch:1
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=208 --always-read-main-dll --field-trial-handle=33464,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=33452 /prefetch:1
      4⤵
      PID:3664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=212 --always-read-main-dll --field-trial-handle=33640,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=33612 /prefetch:1
      4⤵
      PID:14512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=211 --always-read-main-dll --field-trial-handle=33740,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=33768 /prefetch:1
      4⤵
      PID:3660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=213 --always-read-main-dll --field-trial-handle=27368,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:1
      4⤵
      PID:12812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=214 --always-read-main-dll --field-trial-handle=6068,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=30796 /prefetch:1
      4⤵
      PID:2860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=215 --always-read-main-dll --field-trial-handle=6664,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15432 /prefetch:1
      4⤵
      PID:8124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=216 --always-read-main-dll --field-trial-handle=30604,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14696 /prefetch:1
      4⤵
      PID:12708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=217 --always-read-main-dll --field-trial-handle=26148,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:1
      4⤵
      PID:14532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=218 --always-read-main-dll --field-trial-handle=13924,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=14324 /prefetch:1
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=219 --always-read-main-dll --field-trial-handle=13944,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15588 /prefetch:1
      4⤵
      PID:2932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=220 --always-read-main-dll --field-trial-handle=15076,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15732 /prefetch:1
      4⤵
      PID:6776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=221 --always-read-main-dll --field-trial-handle=15876,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15884 /prefetch:1
      4⤵
      PID:14252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=222 --always-read-main-dll --field-trial-handle=16232,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15404 /prefetch:1
      4⤵
      PID:14548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=223 --always-read-main-dll --field-trial-handle=16120,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16108 /prefetch:1
      4⤵
      PID:14580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=224 --always-read-main-dll --field-trial-handle=15548,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=16124 /prefetch:1
      4⤵
      PID:14584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=225 --always-read-main-dll --field-trial-handle=33068,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=15976 /prefetch:1
      4⤵
      PID:14004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=227 --always-read-main-dll --field-trial-handle=23264,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=26636 /prefetch:1
      4⤵
      PID:12160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=228 --always-read-main-dll --field-trial-handle=4768,i,16730565243305034853,199936651517857610,262144 --variations-seed-version --mojo-platform-channel-handle=19432 /prefetch:1
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
    "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
      "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:3040
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        6⤵
        
        PID:896
      - C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        9⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:5684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        11⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:1104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:5004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        13⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        14⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        15⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:2076
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        16⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        17⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:3144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        18⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        19⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        20⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        21⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        22⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        23⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        24⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        25⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        26⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        27⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        28⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        29⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        30⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        31⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        32⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        32⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        33⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        33⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        34⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:7636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        35⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:8084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        36⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:7344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        37⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:7960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        38⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:7252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        39⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:8156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        40⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        41⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:8176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        42⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        43⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        44⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        45⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        46⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:8800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        47⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        47⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:7228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        48⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        48⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        49⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        49⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:9196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        50⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        50⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        51⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        51⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        52⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        52⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        53⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        53⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:2820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        54⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        54⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        55⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        55⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:8416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        56⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        56⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        57⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        57⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        58⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        58⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        59⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        59⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        60⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        60⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        61⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        61⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        
        PID:9888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        62⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        62⤵
        Checks computer location settings
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:8500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        63⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        63⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:9476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        64⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        64⤵
        
        PID:9656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        65⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        65⤵
        
        PID:9376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        66⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        66⤵
        
        PID:8300
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        67⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        67⤵
        
        PID:8292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        68⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        68⤵
        
        PID:10356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        69⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        69⤵
        
        PID:10836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        70⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        70⤵
        
        PID:11152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        71⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        71⤵
        
        PID:10576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        72⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        72⤵
        
        PID:11060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        73⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        73⤵
        
        PID:11232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        74⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        74⤵
        
        PID:10936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        75⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        75⤵
        
        PID:11128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        76⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        76⤵
        
        PID:10936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        77⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        77⤵
        
        PID:11244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        78⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        78⤵
        
        PID:9952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        79⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        79⤵
        
        PID:10540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        80⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        80⤵
        
        PID:11384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        81⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        81⤵
        
        PID:11952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        82⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        82⤵
        
        PID:12208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        83⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        83⤵
        
        PID:11764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        84⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        84⤵
        
        PID:12164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        85⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        85⤵
        
        PID:11948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        86⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        86⤵
        
        PID:11304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        87⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        87⤵
        
        PID:12080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        88⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        88⤵
        
        PID:804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        89⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        89⤵
        
        PID:12140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        90⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        90⤵
        
        PID:12384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        91⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        91⤵
        
        PID:12696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        92⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        92⤵
        
        PID:13168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        93⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        93⤵
        
        PID:12348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        94⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        94⤵
        
        PID:12912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        95⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        95⤵
        
        PID:12128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        96⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        96⤵
        
        PID:12876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        97⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        97⤵
        
        PID:12668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        98⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        98⤵
        
        PID:13008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        99⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        99⤵
        
        PID:12536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        100⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        100⤵
        
        PID:13056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        101⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        101⤵
        
        PID:12556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        102⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        102⤵
        
        PID:13704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        103⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        103⤵
        
        PID:13996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        104⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        104⤵
        
        PID:13552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        105⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        105⤵
        
        PID:5140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        106⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        106⤵
        
        PID:14160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        107⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        107⤵
        
        PID:13864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        108⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        108⤵
        
        PID:13464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        109⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        109⤵
        
        PID:5272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        110⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        110⤵
        
        PID:13576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        111⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        111⤵
        
        PID:4992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        112⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        112⤵
        
        PID:6184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        113⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        113⤵
        
        PID:14496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        114⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        114⤵
        
        PID:15080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        115⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        115⤵
        
        PID:15200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        116⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        116⤵
        
        PID:14708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        117⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        117⤵
        
        PID:15168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        118⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        118⤵
        
        PID:15308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        119⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        119⤵
        
        PID:5188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        120⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        120⤵
        
        PID:13444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        121⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        121⤵
        
        PID:11520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        122⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        122⤵
        
        PID:13004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        123⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        123⤵
        
        PID:4656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        124⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        124⤵
        
        PID:1624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        125⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        125⤵
        
        PID:14360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        126⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        126⤵
        
        PID:5264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        127⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        127⤵
        
        PID:8656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        128⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        128⤵
        
        PID:10672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        129⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        129⤵
        
        PID:11132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        130⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        130⤵
        
        PID:10984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        131⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        131⤵
        
        PID:11308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        132⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        132⤵
        
        PID:12708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        133⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        133⤵
        
        PID:4092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        134⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        134⤵
        
        PID:13352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        135⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        135⤵
        
        PID:2844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        136⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        136⤵
        
        PID:9400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        137⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        137⤵
        
        PID:15084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        138⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        138⤵
        
        PID:12540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        139⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        139⤵
        
        PID:14772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        140⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        140⤵
        
        PID:9404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        141⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        141⤵
        
        PID:13264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        142⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        142⤵
        
        PID:12240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        143⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        143⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        144⤵
        
        PID:116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        145⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        145⤵
        
        PID:1580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        146⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        146⤵
        
        PID:8308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        147⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        147⤵
        
        PID:11388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        148⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        148⤵
        
        PID:9236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        149⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        149⤵
        
        PID:6888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        150⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        150⤵
        
        PID:7104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        151⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe"
        151⤵
        
        PID:9984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bacdau.vn/?tn=test&mc=8BD81C6940A04AD8207496113AC940D2&i=1697537500&t=1744187138
        152⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        150⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        149⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        147⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        145⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        143⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        142⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        140⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        138⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        136⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        134⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        132⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        130⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        128⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        126⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        124⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        122⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        120⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        118⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        116⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        115⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        113⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        111⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        108⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        106⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        104⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        103⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        101⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        99⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        98⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        96⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        95⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        93⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        91⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        89⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        87⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        84⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        82⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        80⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        78⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        75⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        72⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        70⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        68⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        66⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        63⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:9484
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:9980
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:8208
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        54⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:9164
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:8372
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        44⤵
        Executes dropped EXE
        
        PID:8076
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        41⤵
        Executes dropped EXE
        
        PID:8168
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        40⤵
        Executes dropped EXE
        
        PID:7620
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7276
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8100
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4176
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        30⤵
        Executes dropped EXE
        
        PID:6964
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6504
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        24⤵
        Executes dropped EXE
        
        PID:6588
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6552
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6776
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4768
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        15⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4568
    - - C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
        
        "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2596
- C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe
  C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe -u
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe
    "C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe" -c "C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:13652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:13872

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10972 -ip 10972
1⤵
PID:14808

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5584_1447972836\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5584_1447972836\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\25080d5c-6a9b-4a5f-b0d5-b4a5955aff6d.dmp

Filesize
5.5MB

MD5
98ad9d6a363a4988cee37cc4d1b4091d

SHA1
57bcfbfc9782f9e795e4e37c4dd7adedb1fbbeae

SHA256
a9d525bce776cc399f6fbd118fe53771664c5ac9de539d37e706e6330ebaccea

SHA512
9bf342665160461ebb1dff7223b5bf4acf6f4b1fab8b778b76011b0bf122f6a39fd23ecc9ea2d88340a97e54cdc50852db30d5db29601dff73d5df25cfca67c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\95645309-6ae6-481c-8083-7c7b5c17af62.dmp

Filesize
5.5MB

MD5
c8b54431f088a4ff821b60303c4a7294

SHA1
6f6fb3e91b468497882ecf49f4ab4c062e5432d8

SHA256
6ee17460c4bdf2fc0e160af8ad205221a9429950c73a2a2b21e96accd445252f

SHA512
40cfc2fd3c53799dd8fbc5ca64d105fa093fd21eb670aa2fb641b0c47a127c2df5a8d484d053c4a38c0489e634e864212cf90c4dbfdf52b9f751de57bde3de86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9d3ae3804534619d254d62a92cf94f49

SHA1
9a77ac17a50ddc280c2cac6e50de3abdab3f43f8

SHA256
f83cbbd10f542ddba5d9d25c56e5f87b9d30794c66d7c9bc0f0b51dea0f3b421

SHA512
0868fd9171b50185477601795035c113cd2a4dfb1c6af2e5d175ebf8c6c1ae8275fca7ab1aeed4bb90e01cdbe4b68b5641240a1a29ee07f4c4ae4fc1056700f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
89489df62b62199b6ca5b4deb57296e7

SHA1
a5a0e0fb1c2b520ad88eacb334ae042ee00ca391

SHA256
404c2241c919ba435aaf903ce0c4312c5eda20817de77d9b094efae59aebb79c

SHA512
b0efe25a410ae15ad7960920f1de3f02715255cab50dad73046349ea38725513f99fe2960a8c0a63f54d793ea15cee7a43b5211b6c0ee21b56d76bb5aff39a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
04386d9b07da64c3267f20ae1d08eacf

SHA1
0190f998bbc85c94d078f063278a5f8152b59559

SHA256
289d3ad2ed95ef1abd10c8bd94a2b4b0a6949064091cf7e3b94ab354f96f9668

SHA512
034cd66033da7c75d36ab22031a10ac0d68eb25cfb7481de0acf1d8462649868d353997cb22bca489b5ebac4d2c096fd3e57139874a07a8834ee631b2f29897b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6b37da5ce57bf3bf12d4bb9ecfbf6bc2

SHA1
417db8eae03d1ef53f99fd579ad0d5c8c3a85641

SHA256
4d30456e12db717aa8fd086aef010718af65c0fe579c2e488970dfca85213114

SHA512
c56a03ce3acf3266a773ffbe48989c1a7ba62b99043a34f1bd63cb59a3e01fc9e69899e59c6898edbe9aaba764b5c4af90db53c9c560790262d4883d98165702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
46376df5e6b03b8c81c21b6e667c5d23

SHA1
2d693da9c426220efa56a35d63a482b0d30b6110

SHA256
fe75174b2d5eaeb95d4e3dfd3514be6689d5bf10be750261daa26fe8d85bc8ff

SHA512
7ec0b762b617b6e6b14562ecac99e4784c8797d0774b5cddf663d95bcbe972fc8485bbddc051423a3ee6b811d015d38e16d4943ae7adae0656998c1c90842ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ef6aef39e898667145392976418f717a

SHA1
c893d497ad655e1b76b7d0431db4b7e236eaed53

SHA256
93cefec39a56167ceb4334aa36b0dac8480d08c336c3471a27fc4ee915d03493

SHA512
d96574b87974e13b212884960a958ab16beeddaa63562b227ae6e1b063f6b8109e89d0a6e06a7d7065e0ec213f95d30397e8a180467e9771c44ad5be1c2439b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
597745d20e92d6c248d18cdce04d9e3d

SHA1
15d5c527f138266da8d8f5c0c65b67ca4e7c550f

SHA256
ed0a8c50ba8ef6f1bfe773b006bd1afc236402e03288decbb5fc7d90f35832c8

SHA512
045d29c7f95e7f1c68e00dd0fa9052e3d27d6c4edeb0b1bd241387b7e7f3ffd8c1f1bce9a56ef12f8ebc014a9a41b351c754a2583a303d55116e45c8742c87eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
13a4d73ac8f253511f74497fc6daa862

SHA1
476088ca7ff0169bb49cfb5baf9b878f68de71b8

SHA256
0afb2e02de1e28b898b8503e0ff44ca499d2f9f3c669d141e2757f9f93f30382

SHA512
b339ed2d8169eef30c54f04378d65ab5922f105d58f04c3618015e7608fb6da146dc6c233955d5d6db20a413e72eb6cafaced5b87186ab9ec7548fb115f6ce89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3be3366a8bb160e72aa78e8fdd2b56da

SHA1
94cc382cdc214ee71c04dad4ed6613655894ca8d

SHA256
387b3ae41e02c9d78125997e061804524fb783a25cabe0323536a380f4f9ee5c

SHA512
96cbfd27d70d5d70ea3878a1eed6277b363c952a8568c12ca96da93f336638184f505a088e9813f7472d4dce4504af3f08cfae7d640e5b98ba0d826cf149d13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
42bcfdb1535a4f32a94e2a328d40131b

SHA1
823604d71bc14b3f86250616d0914ef60cf3bc5f

SHA256
2d9f91ed5074f86dcf12302f2ab8f1fd6bbfaacb6ccbd32f8464c9d9af0dc167

SHA512
c8bef326bf7a7fc8b1d5ae688ab207be604a07e653fdd1adbdf003bf9bcadefe0e99c3deb198eafad762f427a3d826df6dd8292cfa204b34eb5de0983679a0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
bc82fa0fee1e134af5c4f46de7fb3d7d

SHA1
1b90b2275342153195ad34b8a4b1ae897b491da8

SHA256
e9941e7dd1b7de59edcaa17f5734b1be8737baae1c922bffa6dfc1db5134607a

SHA512
6cb0124ff183c78c528021cf9d21241c548ec03f4746fbcc3384852732ece0903ed01f89042b48fb67176c939ae4b87bcda6ebe2062f4ed975b3359ba483a242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
05c7c4919fd7a0f1870ec4c91c877272

SHA1
74b57194c2efe7c6d7ab7379ab7e22d0ad488a5c

SHA256
39ca5f14e2dbc832487708ee0d1d1be45eca28f39099cfc0d7d297d1e8c74de7

SHA512
282effdab9d9519208137d85e715f1a4a2e407ab0aef34811cba1dd8b0f7c8cce277a53c543f9488580f256cfbc848ec0021405e291aad053d509325a1a4cb39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
1c53f8dccafe9835b7a9abd3d16d5f3c

SHA1
e42c3eb540537c9ab79d0b99d5ba7c7b2bf52f7f

SHA256
fadbcfae03fcc94be3956765ba7ea450beeb72cd7cef503432df421173bde2b6

SHA512
182562d4571bb70913847b16def97ada896a6b83ae4846260cddbaaf6c738711ad0f8e363f76918847a00b6bb0dd117587444345dbab76017b279f92f222c79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e206316d0f189e6396fbc354123d70e3

SHA1
9e0f83a0af87af450000b471c3f04d9f5e142e75

SHA256
df21637764e9dece8cf96f1497a95ed0d1d3e742c10c4b4d07382b1052c27435

SHA512
07f2662a828ae013520af976f5e0d05b9e9d7c1b09df1da8fbe0bf5e8971bc68cfef00f0f10845e37d218172692edc697ff0d9128bab891b629bdffbac81c41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
9f5b93455fc6ca46f3cf76d4235b1110

SHA1
8d4a8264d8bc90a10d3f37adf2e4965523717759

SHA256
57b63afef9a0886b50c7ed92b080c66518d83f7eb5e49e380c6ca7a23ac163b2

SHA512
ffcbe6d7fca45d16628e7eea24be1a2dd4ca402715c268b33a9d06635bd566ff122e82394fedeaa2fbb528b9302a5a644698cda6b2f42f023314b69578288983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2b2ba32444965a4c0c2110cabcf10aea

SHA1
59da8df64647a887cdc83be4967d2b7e7a10c501

SHA256
f801d8042d9a673d1ee26f592fb1e9a107002c090389ea161e8bb66f15b73afb

SHA512
0607b0e2acee5cb10fadd75470f7effdc83c6e7aa661f41a8ad7fb56d6d09cdcbdbc7293513f73ccbbc7c28a05a1bc6cb1fd513c005b8300ac619143d0dd2232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
4f35a2657a57ced9057c8f269485cb67

SHA1
dc0573c0813adb0d053e8c9d81ed641aa81d8ac2

SHA256
37456888cd4114a84d7e0f4d4ce5b3e38df14f6ea9f88bb845fb807577f9cd0e

SHA512
68d0aee8fdc92db654163f74df49d450f3e5d6165f954cb020c36943592a9e5ccbac6b143e3a7d7fd166a55265e5dfcdb36d7d6a0de4dbd8c10274037164b766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
034a0f8e3747fcfb59c946f6acff98e9

SHA1
f50657873954f8e12134b21fdf9dd93c83ebde6b

SHA256
d5de10967eba2b22852156f4b1b9be3f9157eadb2cffccbaefc80b578b68c30a

SHA512
81ce0c1e4ffc87bca636f6708b690c8ac60c73e23f98997543bffec22256c43582f84fa163b4d34a1a3444be24d33d6d9121bb4edb19619d47b38a4e66d02d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
29ff4b967b8dfa30a123b4aafae1f381

SHA1
c6b0428b84ed2f928c1af55e6b0164ff9b07c961

SHA256
e9eef598a8ffa3de9435307f109c6cfcc2877dcefe2235431ac18bb05f30e3a7

SHA512
56f4d83e9fa2f087b3a117ea50eb7907321cc154028ea332015920436ecdab634efb84689afaab9fcfa9cfedb85e51847868dc9326a90173dd5f058b1c2061d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
921e3fb9fde951f36496289b26e78f8f

SHA1
9c8a3a2ec3fc4a3be9f7ff806bf0d691e5a7c02c

SHA256
46486eedfca211b9f05ea307fe231c9d93e65eda82513c9b5b5acab1ace7f258

SHA512
d495142f653bad2d1298ebd6719d55a0151254ac44196882ebff04016fd2f8bac24d5f8098e3fff7af03a987ad4a7c076458343c5ff2411f5ce5ce7fc3a08fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
bd43be4561a12d947bb00e6c7afd330a

SHA1
3a8de4df0ae67488154440eb435f3bd381ec1035

SHA256
3494f82d14004a9e0dd0db4984a83cca5ec4264ca1d5e86c245c885f9ccdb8ae

SHA512
6c060dfb5de206a36b331e0f033d712ac4012274eae77065cb72aacffc468bcbe94b297da6e5cd561693c8aa1ab920e41ad1c3dacb2d12ade52d7c2f1e40c3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
751c619d9126bf124603a16fed5bf75f

SHA1
4a77f435509169f20bb3d123503cf09988a8b297

SHA256
1062cc93261a860ed7d55b1eadff5c0fdd2df3e6e11949ed8e0a3a4918a81096

SHA512
91be224d81e6a5dd3e9a322f10ca19041d814d2770d69f501c01981416aa31faf4a8cb8319fbc641329823fda5e70aa6930c6c71cc94daa717aa54fbbfd4ae71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
dc0d354e26ba257839471f2ecdf2aac2

SHA1
3f9a6be05d868f30c03c750af410b5501d9b9dbb

SHA256
0eab6948112b7b617c2c8652941d901527cff159c0fe8bc46ca740350be1ab56

SHA512
7e92058a0f40fdff17bc2a88dae52f84be3e9f39b25e46332f5b86205fff725460f99bf250e0eecc0826a90e0c5270e3f1f5d9ae7fa51adb8c7d6d2cec8ff36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6A45.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6A45.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
7cf00c050336a7d8dcd97c82feaa4fcc

SHA1
d47fef9b042cf222a67cb979295cf4a3dceec3f7

SHA256
225aa2ce9db405101d510b42e17c761c65f64ae1ec956525e556278dd2ac56dd

SHA512
1aa1640369b59d71ef5e8c2c7e64612309bfacf086fdbb8bc573f4890db6109bf353489e97a504021c0a050445f74ad4ca6e0285a0fdddbc1f4b3db99c631ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
2d2ebc8355068130d5e501f1d724c07d

SHA1
374889b6b998d1840155e191a1b3454bade26923

SHA256
67f956208e15508389950c29764d0ce8da7107811e224fe4a480a6973be933e1

SHA512
faae4e35f90d0eebb4f4bbc5008d7642af1779d29aa364768d9f2bf61cee314019df005986eaa29d6200484541f09c6e9549e21a672ab2796f560ba391a1eb5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
f9cb17f31220687d5136c2aeec5de15a

SHA1
1aa3770df200483f29383d363ce5915b7827a4af

SHA256
2fc030f2e382e7a258e15e96720ba1f4ce162463adfe0606033026d37791ac6f

SHA512
c76e88b0ef0ffb40be27bea36bcea119bc2808c88f3e6587b4f16b63899c128b7c2e159c1dfcc7d3d69b719ef6201b1d0095a90001babc6c7fd0fd9955c69042

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
e9daee5d5ae5b77de27bf61993cb7d60

SHA1
174bc7c4906d5322b880e8235f74b4e92b85d713

SHA256
ad194882a02c8ed2c7f0ef7cd6ded8b73e8d611f6425d2c0ca664fe08e352a07

SHA512
242ad7514b9b44943398a91f97fc5ffb3de18fc1880918eb9ae3fc379cba59ffbe1ce1eb4d0a783f9448c4d775ee0af132add998688f06b0272487fa958e892b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
9d49fc8547438c5ee0c3a471053d955a

SHA1
2374736fd1a454efe584386bec95f1ac0e50711b

SHA256
2687affef0008be4d5c49d0edbfb35759bee720358f5b2c2ab158970ceeba92f

SHA512
dec70034c984aac506cbc4d296ba9194d5702606db642fbfbd2e74bbb0cd407764eeacb625a1c965cf7ca98594875e950a10d304506450c062f105880b3623a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\bacdau.lnk

Filesize
1KB

MD5
6fc209b744b2e411d91dfdb4b9f6af29

SHA1
5bee9bb4560bb93ed440b76174e10c55b973a053

SHA256
ce94f581e42d3f6e01f1cd778ea2bbc5484981c082be240e58e1f6d0c0c67fa3

SHA512
4bc47df955389a7ecf5a27e4bd9ec024b4ab8c43d72c72987341fc488290b9cee51b7c9a2b64bb2b7d05d82abdc19660f8e344d2f4c4a7d55a2fcd01f2686a5d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\Inst.dll

Filesize
448KB

MD5
dc4b600de23921976fb6845c96e54941

SHA1
4c695b37acac161a520e1cf007c8f116fbdb8404

SHA256
43ba2bc99cdd3cdf9f5954706fd6dde0f775f6fc3518ac755bc33c10175de802

SHA512
c47489ba03887f0c3bfc5eff09501744ab7a5abf9c855ecc4c89df04276a39f2388db707e787567cd3fa2c905116a71bc411852e5687ba6df801fc23e936624c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdatelib.dll

Filesize
360KB

MD5
3a9d8e0d39aea233d22f6313b17df9bc

SHA1
b00c246744b7f240e3e9ab609694f58026d69d5b

SHA256
a085134a9df44fa891b8efce4fb7bf384d09bd37fdf0b51c66264cefaa4068b6

SHA512
3e8b9bd696352879fba46caf77d364dfffcec9ea6e5708436472c1f4bafbbe93cb67eec4e2b8957aada157e58377dba05931cdcbbff4cefcbf1bdbabd1e4d6de

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe

Filesize
957KB

MD5
632399e31a0a95e6ffabc3612801473a

SHA1
88e63c9e3e1e6fa2f7a40a14a0c0895c9fd4e1f3

SHA256
22884c9e653c839304c6cb58d4a3cf4ee229d837b4aab4cd0836699364e2d8db

SHA512
06bb5c74c8657ef5185cc5a4dcd91be0d3e07124ac6977c184d98622f0592e6706f48c180d8b41f889337c41e92439941780e5df3303fbec9c99d0e2a153eab7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe.log

Filesize
17KB

MD5
f334d48ba7f152add5d5f2c5f0b01ed8

SHA1
9e93a8f2c9ba832f1a9965e739ddaa81ba58f883

SHA256
431878c6b876a64fa365c41ef5e461d8ddfa0be3bad1fa6220d2d092511bd11f

SHA512
3b2cf0b0bdeca56fca9f02164bdb6a032d890d0e0f810b5439329564a6c4f91ab5e0e5fed2d6d1d89e40fe6a9b5c2dccb127381b57c19bebe31550728478da14

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\appupdater.exe.log

Filesize
8KB

MD5
f25b2308f941e35464e585d31a6c4a8c

SHA1
0409d53afd9043473f8e8d8c7d7a43d108f70646

SHA256
7faeaad14d579798ead95fee1178f778728b657f6a98f9ba81998859e9d31f16

SHA512
f2762f1d27631105bfbd76ec04a4f97bf16b4275ca87c83901924d68642a0f73f4bdbc84f05e48fc4530c21e3bd6d845f7ae850f79d74e05f22009b696fbffc9

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cf1309b60bfbd6d0ea9cba967c5fa085

SHA1
eb5d8164a80a0136c7aaa07b17471ccdfdb818b6

SHA256
ceebc31395e0f271ddd112692702ad2dd63694b30bf3d194d0de57826ae6e0ce

SHA512
92ac017e445d588b231dea8856f52ac0299e77bfedb3ab2c1533eb5085ea4f6c11bc47d5d5f21bb62bbb51e1186c6213709d5026a179b6bddbc658ce8a0c8c61

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3c7fc8f03d4dabee1ef33283f4406c97

SHA1
62b4117b9232ead8634870057c078f4df19d6865

SHA256
1ccc7dcbc77490abb7c5d95a023c80d14b6ae6a6a93cdb48dd7fcd3255ae319c

SHA512
2c7ff251f3ef01f7b10b91f20787e66650b0b1a60560e0a98245d0fc246de2908944ae5d776f45c569480f6806d112f76a7dcc106ecb0f301cbf0c23777ead8d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6dfb94a6b1e899a80aa550feeeddac21

SHA1
596a1bae56cca8ce43e8ee32912812699204e4e8

SHA256
cc268b44635a308e9ef6ce2d72d58dca55b54a1cd5f26b114fe04df4b49b0373

SHA512
d0e856c5be29efbada45d853dfee6a41dd45524537d66d07261bcedde8c238e80cddbd832c8dd4cb081eea0ba552600b9f0cad98b1dd42f232fbcfc9298cc9cb

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2f3cfb7f940f925abf921b42439658e4

SHA1
1660803a76eaf03cc2f86ff5821caf06f268bd85

SHA256
86d93c7914da7ab6958e33d4ab27378cb7221e332a510f71e993a0748851e69f

SHA512
0d46ee6df1e3aa07c961d6f20b8cacbc2af529d4a4d6f92519cd0a21a33218e2c6a190cf9bf368fe36768fd1bd223ca6765f09cc7a3f3b162e2bddbc9a4597b2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2428dfc1474c63ed2f2699bd8df57735

SHA1
a8c6237387234ff7b9218840d20b075a188fdd3f

SHA256
6170947b7b204960d2677f4b123280864b5c22455ee0243aa127a2eb891c0834

SHA512
5f2c02a07a3afcce2fbbca953c21a783a8e2d39adadafc2063385d76d75781b9770b19ed84a6287f1351d287055feb401200bb356f32e05867a4a28211bce45a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
05a9b4e85792b242bce9cab10927023c

SHA1
93ca63f5d03bf8ad2c42ddb8d51f756a17b7d872

SHA256
e76fc17ee4852f96c44e277c669461e87e12efdb7bcb0731efaae888cef3f569

SHA512
1a97421a6ba8003a2bf9c1954087f04cf32ba05daa3df1353b080890b405247ca976f161bc57b0a15a745c5e573d7a29286dd2e3e6ac8cf9215cd6935c60f9f3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5cc64e2d94a0ef5de19c4c06c637ba24

SHA1
c1471d928b4a047637232cb8c76254fe13d779e2

SHA256
3ccd72d7d950466940ceb7f709d056290d6bea12478ea1742a56c6c3bf3fb7ce

SHA512
e2c54533a9a6bb40299db3a4f7daee80dce9537fa0d41f938f403ab3699a6cbaede365ae8e273c6154ca3ecab2856f874151be7e898578a2a00a0f9f6bacff7e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d8cff55abcb34ac0adaa4771ab3679bf

SHA1
084491d2eecd0c6c632a989b642bf9e7faf2d553

SHA256
8e724180b62991c5d44e91b0478a7d42b96eed611751220263a4f1e7e54f5172

SHA512
8fd533c6d349fd646262783cd0cd725e85e2e06e08c11625960378a9b2beabea073c67a09262412b55f57198345a6c507f12cfc1eb36daac7e5eb08fa68563f5

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f0574f944e07f368a88ab1fe976e33a1

SHA1
d860d90b6268918eea550b6c651d62569b648e40

SHA256
f8f85090344de00b9cd7e1969bbea22005a90e3330be44f696f7d054c60a9011

SHA512
8e0e5fbec36a0ba414c9c4c79d3ad27668817c693e4f3f339e097fb24fd3b652a98cb2d7fccab10a5f882a7cc63ec773bef73cb90281e11be21653b99e6e2624

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9fb82d13eff0808ce068d0bd89aa3033

SHA1
87c313436b070b9a76b7af15da65d796f180723e

SHA256
c38f5776104c5a8ab8d019145a1485f1432a9ce4438599908976ee37eab230c0

SHA512
d6b3b6ae85bae8ab13ebd382e56b1868f23264d1892d95d4142441d8305217638f6d3512dba2351d6a0c96200c9920895a3d2f2ccc11badc80aad83296ef399e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
caeec17086373820185648b673786017

SHA1
7bd9cfc793abe8a4e05ab50b2b82727fe544ffb1

SHA256
ab9b8b70b0936614219550c4a3fb1ecde80e407bf2e8da507ae6fd3a69a73def

SHA512
f2b752c82962baf72662ba5224eb905a0bdd40bc5baa77ff845a9e7c10ee7bf2bb33fdfa30bde110dbd7aa8d7bfe5e4730ac4f1a3e97e26414841bc07c161c42

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
69dad7aa6ac48e880c89562a617247e9

SHA1
9952617c0824143b9ce703663d404bf09ecb69fb

SHA256
0f52ce1779c2cfd463137c2bc5ed37031e8f6384b0c4adfabe32cb7e04d6a8b4

SHA512
24b57cad731329ed91ec197015b3caf5047c84fc67f555323bd376222b55ebb63fa4a000d35fcfbe2ece8d968d59053edf592e347812fccd8d10f855c4dd6b2b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8171dee92bf3baa03b49078767bd77ec

SHA1
1d87d178a7f70e9c4ea2ff876c3cef8cb505b762

SHA256
b040e0076042ada2ff301a71460bb50a62e8e4aee5c5797e2069352e6b2e9470

SHA512
c38cd85ee9ccc701abab0ff8b36f04dc996d152f20877d852d8bc144a3ee4d2374e079ed15c282d279c4ba3e5e845081980cde692da4451da329d7a75268580a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e8d4fd669432031b4db0583ca5fa725e

SHA1
90cadec115cb7e56a02cd16e7b5248acbeb65e6d

SHA256
520ceac57abcf24bf27c31d00c4124e79f776d62e38c0bc516674b59caa01183

SHA512
0f16ddad6cba0981b32257da1af864c9775db8416e69520786ffe1cacb2adc17f8f217eeeac2b21c7d8e34a389b7efb19ec6cd48fb1a5102707c0fc40bc2be9a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a2eeab11803759d0a0ac909d74c38cc5

SHA1
638a77e365113e4169021a377eee523618618f96

SHA256
49f667ee7e961f6b7b4c5a33b996c619048a21652916ac194c3ab1025e9e2f65

SHA512
c2b9e439a535aff3699895935c498ad43f8a5e69b274e30cff7f12dbe40170cdfa042353a28c25de8ffc15d3984143c4318090a297c438c16ea0a62880b2b3ef

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4235b011c3b6547da6aedae612779562

SHA1
6f27a1de4b7a0217961d4bb5297619c342afebce

SHA256
f2ab6a4bc2b100b9c1652b486ca272018ede45a53cef28ffe1910df7e7ecd67d

SHA512
f43541b588a9ab6c49f50de0570b54d55635161ec421f1db4b723937f129ff1fc2609efe4b0a203642acba80c7e555a5e4774b36657781e39f5330db34a11cd1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f62b3b4cbfb396efc4ffdcbcf56315b0

SHA1
d5ce63756e03990e738cf60f4b41dcc4f1dd4d4b

SHA256
dd646a3d05584d9d9318531a9e5ec0d49d0c1afdac7dac3d3ea613d21c926e82

SHA512
0a49ff79f2334f168e5a11f89b7de66f3f9ceed8324b1d1acba06669f449fd869976c8dbe355beabfce12908042d8d2a5992e271ca21b631b8e7fc7e11b5815c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8ad533d9e1fa8d348d6da8fd86e8844b

SHA1
b07c09683853b3892090b36260d6d4be5c8828b8

SHA256
6ebf60b6d0a54a2cb04e1076b9b32e031e3228f6d51cb2d7703ac8803c80e983

SHA512
675628a7161e8e13def6e0fae13bdebda6e3331f2ccaf543fd465c06f866c4b980553c555fdb1a7186b2863d40719cba2d2485aa4ddf8cd576b532fdf379e397

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a80edb9670fab97dc16fb83f4ba08b7f

SHA1
eb81df1f87fd067cc8dde6378bdde99ad7d0e736

SHA256
7ae6920de4be8f44aec489ea0bb5c085f20acebb07d10cb8d5d8555c8e8ea4be

SHA512
5a5ec06c44edfce9f81b8c5d70e15fb3c23881afe6c1e1e85498cb8408f18829620f2b9c129663420fe410a92fb3c4d471f1ab2ef1eb6dab669f93e850067db3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
849cf9591be259109e81ec889b4986f8

SHA1
e6bb94310c6467add23a5cc075928522e48643e1

SHA256
cff8895b6f895c6e56e3f2dc018c9f72d9d056828ce9b3366b0d17a05a4eaa9c

SHA512
c780be6fd4678ed1fb02897b69c98c6c357036a4788f27e539e30e6fcc5fb3ecd57ac9c7e3d14db35d23633929a934752f6ff0e58652486fc3592c2d9af7f80b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b3a09d7b4f1792b3781d04322085362a

SHA1
c74a5583d486a4bc6b50912ba32c621c8e093e07

SHA256
a15652ccb0a30ec1e7b0a7abf2ae6bbb936128affc5404a257f687d928a12c26

SHA512
c850cf48e627abb62b48c86091dfde127fd76517a09a565184746ec8b7575bce92fdf6bf7b9fc87d54e7685833897896149105d2fbd97aa373cc7f68ab85e7bf

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5372e58104dca070af07aa9afcdbe766

SHA1
d99a3bbaff3f4fe78909e94a8ab920a30e2c9518

SHA256
ef916d46e0631e7a1b19de50ca2bbcff17155ecae89bd01e065900a0cac9ee83

SHA512
10be2e331155748e4f05fbfc19043de26f2f6f93a206b1aa211b216e9e8cc13d5c7a529b725676072efe5defe289f0ac5f1243e01358ed117142ac7332068451

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d4a6f098463f8b20ac7f489b06d44a28

SHA1
e2159e1faa535c9692cac4336e93ef67d062caea

SHA256
8beacebf91d5b1962fafa374685a212716913e032e302c09c701600376a7d42e

SHA512
4a6162d2ba40ca58fc08520950620f16c0712c654f95e9142f0cb533dc2f5ee97966174ca382d645cbf2eee19bc206387dd5d5b8095c663d1ed739321653800f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d4146dd2af7991bf76c9939ca4faf26f

SHA1
8bcc60cb98ecaf29af88cb0cea27f9d22ca8a0cd

SHA256
3ba4f98c7ec0d6670402f9fa9e9f4d7ceb4a5e1ec2c25c7c025d145563f2bfb9

SHA512
b16ff11e0bf87bb6eaa6e1aaaf33452e8adb1e30a106355076b422f4b6fec5063ab6bc621f90267ce89a9651a90c3d76b834fe21c4177cd87b83786a5516f7a2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f34b2209c1bc218df26082cf8e364dd7

SHA1
f3e45c66f45e14c205b97807d9f213c82d81af4c

SHA256
6b36d43a8e6897fd96c014c3899fef013ab587edfa8d49b19f1516cec44a1e13

SHA512
4c95c6480a6f3bfabb52e9b115d31b55f4cea257a68e8c851bb686c6f429fc59072f31d7723d04b816adf257afc44b4d4b2f8384d58fe14c9f35fce72eac6545

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9786def5107d59bf911d8f74314bb336

SHA1
c58c618048058961151182ae7020a5338fe7a1cc

SHA256
a4f0c79099ce2e9d98421415839e7cabafe0b2f4d5388cf1384cf3c543e9b76f

SHA512
42978b1d868a887ee8c37828ec6e4499a17eeba425cd9f4335eeabe2ad6bda2b58cfd404e4a61392dfe3d901b3b4de75d615fddf4e14b7720fc1b7aa03bb55c7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
34074e63de52fecbbefbef6d41a71364

SHA1
fd52d48d5e92f5effc675f267cb80bda0f55dec8

SHA256
e8d58d2a9a197d01c311eff3be2fbbf446011c44c303568b90243e80e1e2b8a4

SHA512
a053f5144b129ba8c1a43f7b2250b3be02f34e35813f0c419e1ac13bbcb556830d5583ba975d6bcdf78a0ef69e6ee8d743de325af0492f007747473b3298f8d5

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
979efa14a58db0da212c3bd7ee5b89d1

SHA1
b6dcee0e7eb74e603255df2a94f62bacf9c6f5ab

SHA256
22195354a8764dfefa481534c0a2da450b8deebbf7fe34335714c0f92e6b66eb

SHA512
54642beb4b9ff469c9939c84a272d109618dbc8253dff420f9ffd9ebb39f71f9e1fc50303a467661e0a2618a5526446db5f781085e9f8b44c6117b97a0d7a458

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
c879ee4c786460d88957e21d43aa6320

SHA1
518f6ba5f1bdc975317a0e53e41658104c6c456d

SHA256
b64ff833410a6aee2d8eb37998fd74e9874eff2c97e85c4ccb706dd48fce3bc0

SHA512
6674d5e6791e23e8cefcf761c93a3da32b944dc13409150e3e632edfe4f3b15a175eca06ed8edf6b220288f455b12645e1472909e65cf4269f5d3282dda506ab

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3d2f0af77b801a6a7b6d533209cb6dd6

SHA1
0921012aefb9fa522b66c4b2740186e8cedb3dd4

SHA256
14d24f083610aa3e62fab498607a812585363617e8a06d248139a8bbd6e6b493

SHA512
583cb3e5ceb359d38d19fefd9621f5b0d9ede956680c4577b47959cba12c9d9c7e0a34fd4aa4a6d2afefdb4d62d46801fcd0bbd81dbdb3af5a5415754bb6d966

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e22d3fa344d0fab24136eb419db0222b

SHA1
ff6cf10954094f0af65f979cc16cf274a53edb41

SHA256
6f53e0c7448b71ee439d12b8615ec5d1088696b50b875c9a6fff73e275b4d0ef

SHA512
901a9a998afed16958aafba9ad2f37a61c595e34da797303d109d5153b5f5d0faa47d7ee853dd5a11af9181c47ae83a6398fe29f9f406bc7910608601562b136

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2651abf5bc1e3c196c6e8a6d08d57978

SHA1
429767b19426d5cc9daf4a430fd8e7faa90f8c77

SHA256
5a4c93fe4270fbc865dd31c54c9c5521466309348860b2ea98d597b8149eaba1

SHA512
5e408dc644695c6eb3b63d5b327479008bc65c69adfb7d47d2b0b4bb0e68688b72a221804cf311197de766ea94d46b52616c1ffad4a71c89bb84b53325c7cc53

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8969eb956485e2b5e2da75acf76e4679

SHA1
6b75a451eda4265a858bbd1f4150f1bf8c2995a7

SHA256
d1e2af76e53f1bcb25c5a68d53e715f8a2871577ef169ed1b3a799a1bc525906

SHA512
5e9c7da71b7f67f6f1898690121dfdfc1e0a5044fca17dafd50bfb8b1e4668395f50cc5edc131f5ae12f7ae35106560e73b362b41acf7850b5f267561bee67c3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e8de749b7275323955cca1df7881fd92

SHA1
0c57ab840630122dd207f649239c88386b0dfd11

SHA256
9bc2db2159eb9486c14aafa7108fc34c920a266fa578d4e3cc93c654966bf0a4

SHA512
b660ee089ad4c0488488307af127d284f61fc6bd4b91131fef05987d0518b074fd1dabe77bcf1420095b53bfb5a65e3250804d0d8d66ec024c92be70e0a3cf28

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fb8e37b8a28e2acbd519ca961f87668d

SHA1
40848494b1ac253c4f4309b0363f8c3c50e702e3

SHA256
c96f9ffaf6dcd2aa5a2f8006cbc23e3a872060406d068b4db2f77553290bddd8

SHA512
d0e275faf97f4282eb73464afa0fcf2aef410dcb621568509dfbd853a3851511fb42f37d7bd27921818d588d79cad9dc84c9700062324d1492fa118a63bd6682

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1695bb9411413c9868c5ef814a010d75

SHA1
35ad3e4f1d7316d80f1d4c50b35b067ab60c1748

SHA256
d420a5435b834ea617c985b4804895b2a06cea60481e04af03373af1d56ab984

SHA512
a134be0e34d06922efd5a9ef7e6556ac0f5437e4b6d560a8395b8312ebe22e54b64c685c2fd2c0c4809f55248b01081e60afa92fab3ef631474c3b1ecce406e6

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2217d2b91b0f9572cf094c83cfa2ccce

SHA1
051f5e513689be87acc6b20d757e156efa36b013

SHA256
8c63bff60a7f878b8febd06b2b4667be6218c8552c17f1546f82a794df6594dd

SHA512
2bc53a4cedf6fdef9c7d0fd472ab4ab35149d11a9114ab86314492e95e589369665f8cd65200ba94179266a00afa89e44b32bc44780a78039cb382915627fa8d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cf4700b6475863239f7579393315dcd9

SHA1
72bad41bc9613a3a0d41a4703abd2cce417ef0c0

SHA256
b4cfb679a16fa1d2d96c46864695fa0697aa453d353940f76d74d6e166d0f730

SHA512
f95f3a6cb84c337e40327c0681c177f5ebcb425366c52d776f34d523a21ac4c0463491cbcf51ebaee98aa2294cf35fd6938da3b1d8744c690ce48eca2a4a46e2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
078cd6b38946e554cf5c12ce1e25c9fe

SHA1
b6f2d45757b43ba6b21011467fc39ea3db093c0c

SHA256
ab296d8aca95c7e5acc30332f35492f805f76fc5ed7d7328e849dfc17957c32d

SHA512
a77a1cdca53678d6fafbcb2d40e05d5c6999ea70535e513873524998dd7fda1ea2520241318d656779a377cb36560daaaf2a6e5e06ab188a03c0d403e4a5fde4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8b85abb151ac09945b7a02a0c4115e3e

SHA1
49a5cdd59a14eef712b056969ac1a4a76c32876b

SHA256
3cddd5969522c1bb5f941691eec52c24a79358388fd7ce4ebd25de3ad0394eb2

SHA512
889e2588db21d000c85779a642c2ec3a36de4210f6b240004842c90490ae0b933e65a3b565bc34c4ad96d96ee5863f038f359411ecdf3abdc1dd20b175a85b8d

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fb91b4b0f7c2135515e200904755e02f

SHA1
f815feb62ca961903706b41fc6e8d81571defc09

SHA256
ed35c4ac5884786cde4a13b09d28230751bbf5028b974bc66e9a502ada424c14

SHA512
1d4ed62193a11b3ee4f9dd73568660936e04a154b5e15cec0615053a43d20f17170c65650d72c8afd3bc4def1c5d9dd0feb33e898943bf516303742343fc61c1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
db3f967b14a93a470de80a4e99a3ad1a

SHA1
6d3a9b47c8fc5cf4fe55348eae9c4ce9c12ba1fa

SHA256
2af5d6f1463176f6c30880773387df3d33020df8e0e335bb92acaecb074acaac

SHA512
7188860c398994561745ed720cadbf10be88f407aa6d48e325ff674c457608b3ad329cf24d0145f9a1a13886f74c0e35e98f95439df88c6b7c8ed51dcda70216

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1170dce9cb1338d4dc9ed12b519ace5d

SHA1
75d8e576c2c9af20d797fc49b7fd40a5af3861e1

SHA256
5e16037b2ed8388d6fba4b4fc3f2ca726028679bfb14c2602835b0be7086183c

SHA512
42e5ae5b0ec24a8b40722a8308dcbd83bf36994bb4798e8093ff8414e782ef9b0d8a06e3075b5a7314000a0a2b2dd73301bc4db8e75cc53bd3fe88e99b6b2123

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
669ce91d9a9ae6b4b868618b21312a2f

SHA1
35289a75af6556006d31e3ffd3bc507a6bbe6c30

SHA256
fb1e9db705930d964675bc5ec7ede41e024f0f2266f80fd8bf0b58d4b5ee4461

SHA512
824d8e8a47fa4ebe9c10ffe3fd6f18163574abb890a4576d3c8cc5c3e0c7c8e23b56aeb16100dc075585f4a5a9e783083771d51afacf93aa046f715c719230c9

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
720137d762d0e450392dd967ce06e97d

SHA1
8b7da52b145912645ece8d55d05a679f3d050c6f

SHA256
b853a49dc4914dbe797de2f45d482be1bbf8ad11ce2e04c5324b3cb4392fa650

SHA512
0148eae5239ef0fab68d565afa24d666e37a57ea392b296c0ea5dd49072057f9e032b8e9828b6e2d14e02a6c9f1fa2ade904883d9564ba9d4878ea0ac066d577

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2a8ffd39a29e18125a339be59cf97f09

SHA1
cd02c1787a544f713e74c2dcc10ee099eb681cfd

SHA256
589b2060b67b9b207d4a5607fdf5138113cdea0d9053d99732dc52d186dff81f

SHA512
438b403b3028d5797efea62ad5d5deb9e69669cce411666c25e32a2c27d5161127c280790c347d8c27947abc62562121f07546f3c571722c62bc03013ac6f9c2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
dc5771d68ae20357c86af0121f23bdad

SHA1
1cf0bc95e0da1961e2916cfd278a95534b3d9d10

SHA256
1cd0ec589861b692d61036c8c36759e3d2f452ef43fe1dd9f5653ddb389628f4

SHA512
1544c537fc05f45f69f2294a9cc10847415518bb70087f8fd17a11cc14f6a30076fb31565945afdd0f5ecd15d99ee05f1e9cbe1829176d210552898d00e0e437

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
655f7a2a4453602a98e6e4f65f172d56

SHA1
034791bb9bf654392a0cbc822890c74db3069bd2

SHA256
aab5baf4ba8d958d914160decb830c9f5320de8e7bc081ed68d6044ee6b64b47

SHA512
391cea65439349c9371d6d56201d32dd91e6a26c7610bc99eb6e7c3f2e38fa2f392aee6b061cc3f90559ef0e2d42b9317371107d87665a2b13b92dd146b75122

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5352b0f17366a7365a8f82d3bbf5f244

SHA1
c038067e6de5291b5cbeec477ca428bfaf5e2f44

SHA256
8c600a9f11f2a0a286e34d5c0b324951b10c7b8fca229424726ea32551fa0cd0

SHA512
3358c7448df3cd756676461a0556603e8fcaa6938b4721f737693c952c7201a20506b6453786494025b801c05b6a2b294781dc151227cb376efb996ea23eb0c0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
41eae45fbbc00112e527db96fc4df36f

SHA1
85942f6f634ec2a9b812368b5073a171b3f36611

SHA256
245af20cd480cb28a7cb30c5200ff559fc5a4d01191328eac5e60deb4ddb6342

SHA512
04d99476bdad90e10d1db1a7b03e75002681a36cdd8bb9106fa2f86911707179535d035fe494ce94288ecb244a898a0fe958597ade02aaf3e84b119fcb92175a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6280b59ca4144f127de59130a6442ae1

SHA1
18324f1a3dc533b0525cb601db3b6f495afee0ee

SHA256
c038577f99b04fa3a1ecd29babe80f710a1e975aba91ee2cd5619bbedc3aa87a

SHA512
853daeffb0fe67e5737016868440d4050633a19a418f0804d3b9fa849f32c8a0c3544a0fe4878b4ab22f949a0a05a5c92a7bd119ec8be5a2893b30cd7c3084dc

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b4e3a85ae3e6548f6b1656f1ccf4369e

SHA1
4c56bca0b979ab4694ec21aa312f6253a440288e

SHA256
d3bf1cf0b0db1b5b453a8e114aae7e01d2e82841f453f1f245a96832e4bf7845

SHA512
8bad3c5433d6a6ba4a0503e688aba63774d9bb90f58585fb84a2e9ed66fe2b10f331c180d6442358bc8f46a4d004fa04899bf8a8f46b038067b46c04430a4dff

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
25333d27473294c1c541f8f9bf6e1b71

SHA1
f7fdaadf2d982bd3622ebb3dbf744a30808a12e9

SHA256
af5d9af9b124453ff021bef3db323e024f13d769496b737e6f3e7eae8a0ad10c

SHA512
a95acfab2f068e4cccc707d8048cd7cef4e3df3727465b64f87f1392bfaa306b8ec5b54d89f32a7826c2c492b3c791cf600e9ef4a5a4770af3f45c78590f5f1a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2e8b9f981f899a8a241fd91a45516ea6

SHA1
693ce4dd72220c84112e39dc1d5f5481dfffd8ec

SHA256
e582db3ba066db62d42b39ece9a92995b202689a9681d9577727e69ba31e8c9c

SHA512
218ad842ca0ccd5194a2cfa5b2d77c533f644fbe2f69b69e5631304bf7426886cc7fd865b1ccbdbb0bb2d0ac8540fed24dd1d62af17c98ead9190ee033fba6c8

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4a3748a2e7501bfc282d623007876f45

SHA1
e34d59751935193ee98027b32a527a56a4f558fb

SHA256
aca534662871b7bf4925b7b0d88cc1a64bb67b03ed1fa0ce94943cc369636400

SHA512
31927eadd92d0ea40a52bd4daf99bfa43b4c1794c99fcff38bd46e760840e0a29ce1003797ab4c0da025c9305f73942d80eaf748f912c07769cb997c25a38407

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
247eabc895651dc3218ea96d40b23a1f

SHA1
211d504d6b35cda11ed1a748da9e39c39805989a

SHA256
2ba4c1833383332695cc808ecf7710b2886facf107d29656af7dd9faa546a880

SHA512
81e64a43985b81929d129339e01eb86c13ec900d027d628648bfaae4136f7ca95b3a12d92394a82930754eb84a4bcbcc7b94e7654a6cd94c77750072c3ac92bb

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
ba634f553a701846ba5ccaeab8f8901d

SHA1
4c93f3e0da678287663277d65215e4880e727c8c

SHA256
e917a0ccad39e39f54eba643aaed938ae0b1f28f10f982cf92d4513ad80b3ad8

SHA512
75ae243a3088314a46e27126be6283e48e0c33047913839f0e889c04e855f8825022c0b5040b7aae0d405856d23447c43126632c25140cc566576e2089f828fe

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e74f13f6c051483c2655aebf4387e944

SHA1
809c70f600d142e9fb5cc277a4876c4ce1a80390

SHA256
c8d26786b2252f8cdc1a2c11803fb7824367599a9b7a5a7108841a97851867bb

SHA512
1b5343ec3f0d66e1450ae5ee4bac80018ed4dc66beba18512362525fcca84bf3ee4082ab12a50e8517f9a1fac0e58d858e0618c6c2fbd7d1be33b13a49b97462

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
e9fa1e836000d406fb1e39aef56d702f

SHA1
86f07628673b54576014f99dcf44a4dd1660eebb

SHA256
7958b81535f436805f9eb082902700654fbac68eb0112e50c790ebd3da815113

SHA512
a381b99afa9347aae2d98f939ae70b7b461127a23006e336b6576ad5ee53e8df6aef4d0cd55dcd45cf98c9edf38109fb97ff2483db67cf193857c0e6ec1704e2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
c3cc99f2fb1a82ee458e80e65b323567

SHA1
c504a3a5ef39c1648aae384732ee4d6964baa686

SHA256
12b26208d4f0db51b4447fec3982b60f5a9f4032ab1aa292475637a23037275f

SHA512
b49af9bfc8a1fb13980e680eb041f98256a68ca00be7e1f7d64edc184ed4c6b5ba4c7c15cbcba1b703359fabd579ce6838dd488d40733f45a478bc7cbab775ed

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bf685f5fc8bb47b723903d5a2083fe0c

SHA1
5329291e1b77f3c00ae5be725e22a434d0701feb

SHA256
406c5a65250508dfc69e498846445b426e3b8f50a7d4954e5d4c8c9de573dcad

SHA512
dfb9dc78ae97713392270dcff9119725201df94eb987d8e4bda3ef03b807a3ab6b702dafc91cee6c604c32d98369be52a441e590291b0d68ff3507943c1b0b2a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
bf80f91eb90520c69b3454920f7bdcd0

SHA1
f5d3bd6d5798d0475fd45c365150e0787312b8c4

SHA256
8d2346076a61df585cffe675eb89654ce04b0e93190e6f4da5d87c9107e124d1

SHA512
1d0a15485421ec73d155fa6f33064e4112bfca43ff4435c66f7fa8e5b65e46c1d1128ac271766adf5c969a45c73fb3c5191a1f74cb6fdc5f2ed5d3290906a694

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6ef62d63d9f81fbfb3dc2a50fb9bf479

SHA1
6d9b66a4de74e3ff3a70cbfe79086b2da0cda42e

SHA256
23327ecd7851e7ab01814e3126c3b449c0204c063ca4b30eed0f4e07c035334e

SHA512
73c8024dcf003e672414c2e22c0a86eb634fcd57f3034df5c6d9af561546dc53abe385f633a9b89fad129a6634a3167c39a3229bd8dadcbb76d2fcf0e0c85ee2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
450315f3f5251a46b6335fc33b2f785e

SHA1
3c0d1982896d699dffbad2f1209acae1fbd12f8f

SHA256
c9006bc3f23ae5af901014ac3a269d84db56bed6efb72368ca074468481009bb

SHA512
070ddfe662403783bc60228812a77f74a012d1cbfe568b5b8743f91ab1dc39063e1c1f2eb89387dd5265ae25b490ee7843f8d253ac1b93e01ac35370b4219cfa

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
347db7e711fef57a870fa502781f904c

SHA1
e8c95eed6b085d9bcc15b9bd16fc0e6c69827a55

SHA256
6b222a04d70f23d34537621d00341e67ab99784a0b6ce741233ef5717c8e802f

SHA512
c36478d336613a023a9cb51d52cfd01045c0b70285f755a2db0fb014aac868fb24db00caa07df09e59ac8981c1631fd47ebcd25d59e036cfe993978f508fc65c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9a410fe74d9aa4a9a620fb5bffb81720

SHA1
ca8941376f797783c83ed175b49a44f3aea51f67

SHA256
7f1aedcd7aab9f49e45249dbbd71ff1cc5382036527ea7cc0513b3102628f073

SHA512
c8a1204570172f099c4ae06c9fdbf593805ab4d13ffe09b878191597ff32aba3b9843f65383c68fbdef9e86d1427d0a066e625594915adb1b89d15641067cacb

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b74c5c82f4031e7d5c526b27049905ce

SHA1
d97f7a4b3060d265f106ea07fb1dbe15ba5e50c2

SHA256
874a1316b00149379b4609145c0a3ca9d281367f016a25a9f490180959cab085

SHA512
e7a6b25c186350dea9033215678d7c6e2177bba721a09e5f519abcad2df15cf12cae9699c89fb003daa4f8c663e477f80a6d99115d166ef39f3ef9b2d3420099

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
28fd096f189e281fc1bed9f7fb1fdb3b

SHA1
94d3876fd4e65d4f56e8fa3f0387dfe7be3f5a80

SHA256
26353df3aaaa0da3540417b9d6ae966f680a83127fa723afd11bb52ce7190ae6

SHA512
9b4e2e20019e2deb1382ec5f5a29eeb7624297b2fe06e8db2c4d536a18e5059619060a7578830cb1426cde417f89913cbce578027cdd2e92434f01912879d029

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b91ba14abefcb51fddce5275c71934c7

SHA1
181c49aef7c980ed498484b15013561f58405360

SHA256
f7ca037df8d23ac0ae6070dba1f705af01ffffacef790ee24ea50776dc763bb8

SHA512
f7f6c88a8a7ba701462daab4ed14781cc6fba020029c617f03b63a338f99bd6b87a65a1d3bfac42dfaef8795ff57e42aa46fb298475297da0ff6d11f10f36859

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7c8835ff0b420132d1c10b100eb49754

SHA1
b7da3775392f5dd84cf5476605bf651307df0d27

SHA256
9ab70c6eadf68c829869904126e7564dc675942d9c386668e14cd939b0730c6a

SHA512
bd8857fdc132ee575dbc5e96705c5ebd27033ca9c31d52712627cb2bd2ac9795d38daa05843446fc53bfc02845afd8a5286feb36a9501214e5dfac7718f5cb14

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1bb0dff908e3adc0e99f1ac431c1cd72

SHA1
f1238c2fb0fdfe65cb662640d72406f0a3678785

SHA256
e56e10bf801b00a9fa667ff91fa71c999a03c82ee1e9fdfe8ebf9300ddf1db04

SHA512
67ca090b0c91313fce5e712822c3f86e129dec85619e5f3e8761c0f3a6290a959c814aacc17a675ef79811a9abef40ecb68163a68e6e947644bfcaa1e5e33141

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3260bd7808a398a178cc4ba88dc3cef1

SHA1
e1701b0b04591dd203ef5959a4d489c6e6f7d9af

SHA256
6eab62da89159121aa47625430f5475bfd25ac502af55af754a1954b29cd91c7

SHA512
ea86cc059396176f685c830174937e5bdba2c39b2ba67a67cde49d6b2862753541758108d97fc8ec278f27c98d9adcf238d8ed4c2de7861d4e2b63cf64281dc6

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
180a8fd136233f9f303195b83acffcff

SHA1
6863a8a154b968ecd2990a295c7b3f9b7fec2dd2

SHA256
2a36428329f1b9cf8d5c3d117bc15100b39a0f480fe87c58843bc9ee5cf877ed

SHA512
2c8f8fc2c81f0734136c731015283217eccf1b4effc06eefc0615f12c8161dc3faa82ac54eec3adb65e205bfc47f7cc370416377e52e95cb5b1e3da60e351e22

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
76c70ce56546775b981fd6f51d5ab671

SHA1
f046496b6e25fcce004d2c9e3a116e40591c8e2f

SHA256
8511912096d38b759ed611d787be0ec418f1e060d65f56213866ac7a5210fdc7

SHA512
3a467f4fe1ab974256ce95ca1d279761b1925cd66cf02d344f2c4ef292bc42fb47d2bd77e94d19d82d39b83997b465cdf6b6645222fc92ea06fe1702082138d4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
557e79d959dd4f878249b3f253d297d5

SHA1
f16cd1e7dbc4a4807863fbb17f51698c31ee2ac3

SHA256
aa43db3a91a466a882637a0a4db9587e34256e7766ac20443f201c63e244fec4

SHA512
14418e56b5d1498407c59beeb7d6ec874b06e3a4f4c911443e857a84cad096f618e1adbf0e0f60d31b402d975b0354bd3f86022156526fe5a3e207067e8de842

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
c810efe90d340eb41ec2757a5500989f

SHA1
d5edf8e95627fe184e02defe0d35e84dce8a2f1b

SHA256
96138243499cee2679529682021e00d142d1263b98cffda7597afe3dd7850074

SHA512
544ac4346aee3ebec57d354574a94fffe0f4116a0934268df0d33eb7f9eca7d27e706fe9342fcd7fcf18cb6d8945dd7a3124373fc2d7278a3c7b75de8244d60c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b3562788146703c1547461ae44c2e0ef

SHA1
c6c2fbff28e5cebe40ee0204f0cd54665bffa973

SHA256
21edde93c72ea4d4706936401358fcdbd2ee7eba9b0c61f01ca9a98e5be08d16

SHA512
0550ff726424cd0080ba45ec84734a06341728335f39b2fa2e686ad9ace0094aa3e6ada5dc20f0df3a9fbb812e7cd3db4d6d0bb995f81f17f9b85576a0d450ae

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fc2a46701176ad0498674b5fc91f0e53

SHA1
fcb2c4a9fe3503373cce926c5ecb229233b44acf

SHA256
f371d8d157f1bb12f99404887be59453dd5370f8fdd380ce77851bfe76fff2ce

SHA512
be0e90be6e202f3893d0fbda50151d985368ec49e9a596e60180cd42b83bddd84010461c8345cbc94c36c55ac6dc6f8088ddcaeeaf55c0ada001fb847d8fddf7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5163b72134e3948bbfa9179559d3a8ef

SHA1
c9eee7abd7a13147bae4381075ba7616c79b19a4

SHA256
274276a5ef19fef0443d2ed1e837ab41030116e9cd2deaa0e9351c85c571f7db

SHA512
c44c0880b38a64ee3b965dcc39c139c3a441e7c28b1d23f6b549c9d1a300b55792963102b63de12d3a8e58bd9966b3043f4951a08ae72cc76535ba22c082bfd7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4f5798999ffd2cbc20e79a1a38ddc087

SHA1
00ed02d53d79714ad461a2b1c2c77ff9f0574bb9

SHA256
e3267809981d53219e62c24f13112035bc8682b313b48f572c1318027d2ac8bd

SHA512
1ff3a813e92df90750abb03bc1aa8471248dd1a297fc45d5fd21a06fbb3b1836536a57103731e32cedb256eb9dd3f5b430357ec5d59f0c6ae3cfe62926979a50

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
15eef542b16bc6ff6561cf24082d24a5

SHA1
b57dd14beb6c5a46a49543c6e0bdb7ca97c296b4

SHA256
5054779414ba7d68754d050a4495b21788217a3882d20e36947fa1d6f5b78043

SHA512
357f5b170b71b0a5ce37a4273fa44ea8ae87b2aa2696630b01180803c7ddc74e0ab060082d5e234345744dcf8a9860facc7a0e71a3ab4238af9d8c02e9953cdc

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b16ef9eeab3e93fd27a4fa18bfc02c79

SHA1
c34da6b5b89648d3133299fc1d04e81015f8839b

SHA256
3fae596e6af18892701b7dfcb77b00e143c75ccaace9990632519e67f8ee3390

SHA512
fc0c4ab5f789b660fc74daefb59205babd822d179dec7d20b7136a37c24234941975f72e202db68023a3578b79bd67e4456676605f26d1df9c567a2bba18934b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a79f0667cf48fa92a8a6025d75ea8cc8

SHA1
89a39e42d550cd43a191b9ed7b8cd50127183d42

SHA256
9f2df964d33e7565c4b2b3389bee6acea4126567c650333fb376924c6e70fe66

SHA512
35cbf3ef6275a0160c1cdfedb417acdf7d1aaa395164dd1333d884de7f365b65cb7c3193a2bb949d5fb7c29465ca9dfddcb5c8d44b72b9609ea33f0f3e13ef2f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
10264efd15a1e7b76e28b48c5a32adac

SHA1
03065e0963ca035cb3e71592fbd71ae286fbbae3

SHA256
6292179fe7b6320cb22e5be8413a694534f80bef625d0040557fc1a13a7fb760

SHA512
8e4811cf9a08ca0361d3d54f421649c352b87978b5aa75397ea77af78dc8717abf93362d638d4d7ab05563380c4e98a695ddc6fa8234588e7304ceff20b67b26

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
aca71719cd800b379ce292a92a619351

SHA1
a0274500d23890c62d79a06c747ee4a7282617d2

SHA256
4db14d37c8bff9ab55ae252834c3feabbb357fa8e8d33908ef3fb149ebc23937

SHA512
74ef1b9145a7347285089d0e7364d29a22047740062f0c25ef50fb20aa23437448893d2a98ca80e570cc746600760a161c31cf2bc807c37ec4b1514688ddc232

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
80d541ec3724f8bd64743ad9d1d91ebb

SHA1
12608121a103905c9461ab234de6891e9a1a8ade

SHA256
eb965fa250ea261dd1dec535d55e7f1b5052b1be40b04d0137bae5394d28cc85

SHA512
a7b4de6bb7d7df65433f802f28837e8b9b0e639f9e909998dfd100c32c924094b7220e707034d3d6384d3273b404c8fe9ab4fdc1ced624960d4ac3c84a9ad44a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
16b4849220ddc014000b25fea21d7c3b

SHA1
0010a3764fa86d32e6c7f51a1a090d42a4eb2b41

SHA256
6f1173c5721c40272795720079a2c52ed9ef84b47d3f19c0ffd47a93fb8b3c8e

SHA512
5702ce6d1b2d326aa2a8a9910c1ce02ea842339c036792c117ae717de79ca1d817ee6730878df4b3badf33cd7347802cf063939fc09321e025f66dda8b3c1ffd

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5f05a1a29ef5f9c8391b7d71a9cf2724

SHA1
b2cf2fdc30e266c2e2144f3f9c9866df1f99491e

SHA256
96ce6b6dfe5c3720a542902b9acbb4999e3f76fc2bbaaa45d12542457fcef195

SHA512
b1cd199c71b54b232f7917e88f6874e03b6f5cff403bd36c7c001655b50bafdb3bd9ac4f25c530168ca33ef7a257d6afec9324c34986981117c0851118d36ea3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
db7fc0c7f8fea4f6654933adb7167d99

SHA1
029ababc31c3579009d192c6ccd3fe3365078bd7

SHA256
7effa25675fcd1b72858806982d8040680617a6cd9ecd6f85bdee40acc726dc4

SHA512
1ee78a85fef912f7c7b8cfd6514802d6a3f5acc95a0e08ebe59ad182cd29b373cc6b0531395dbceccea9de87f183c1fc8d4ebca4e42fb0428d0c22737c408a4c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b7915c71d0930f197abc073d4de32905

SHA1
f3800ae9139b79f2b2fd3569a5ae9af264cca3ed

SHA256
5e41325cdfd52e93da95f8625a933e09e1d796646720cf1df3f2a9514095c30c

SHA512
8d66cd5de306da51167c8d1df73db78d4b9a8441f2cfa165c5613a031db12fe86419cb1ede0205b068a3ec4fcc1ea4df28d444bcbba531abc607a54eb8d9506a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
664ce8cf05a9c48fe3841e3daf81d4e9

SHA1
5b3a1361db41e98a1d0d6a861a677b944b8abd08

SHA256
59f5d47ddd8b0904055a1aa518be72a1d67e35bc38960cee38b79f9043d474ad

SHA512
e7674206d8f7a4d91ab97b63eb5111f6e316ec442b10f752723b0e1564a52d3cf757df05a92fb57b13e7459af9f5629ef5c03b274439872c2c51e3843f32fee8

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7a8886b05fd46e0800b0eb3fc7c01646

SHA1
115f70692a740f984dea4675a571608ce2607dbb

SHA256
b5cd85dde8d4a9651ae1b151c2663cf098e57359edb466952617b2a2305cfc38

SHA512
91704ceaabda66b0ffab62b4f24bcc55179242383aa7404d51f73e8d4bd64d73d133ecb3da30e6f581d09d73b358a63ad85a8bf2f8418f18e465b8400aa26c09

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
5cd86dfff5ae31c5090a2e48433793f5

SHA1
03280dba4be669cdc433b0d13e049f182c566a50

SHA256
4c461c22380e0cd4822003e828a3d87b8a59a2cdb3cc0ec776510c388a11778c

SHA512
b6f43f90da9058b87f6228fee2a49d56839c32748df4e08ce5e9c989c8c55f3ff6a23a385090c81d5957a575d09d86952aa940894aa3fac85a956a07ea548eaa

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
6bf25fa2f99553e1f4e9fe4ba0de9a9c

SHA1
4d74ae57ab7f66b864af226607c57f394e3eb0d9

SHA256
1e23bae145b8da7a72953f86ea44202fc7bb25e15bda334fa1624c4be2364d35

SHA512
4a390049a4041713e90ae49d01473b26ebecbc987d34717f69b2dc0e338da09acf69243e079d21f6e5a39a7a61af7c5ae26b4ca30a01502d12d6f951b73c0a81

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
91c344818c98c556905e941b0bf46223

SHA1
8874058a815b70ff8b228e6131b5bf741e5a2adf

SHA256
f2610b49a10567165e20d826aa65d5d9995e59a184cf90a34a0e7bc2eb172f74

SHA512
bf9fa1a6f6502f8ec8855bbb17cd4f505e6ce5d1f856c6eea0bcff0a05e34294b1262ab34f0822fe1b1a4841c12babc51e1f0b4dcdf88dcf4e74d322f86681ef

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0a6d175bb8aff8184fe43a820dca43fa

SHA1
10ec25d17280220c504d234a13876f126e668c91

SHA256
7324cb94bc3ab3a0a58f3bc9f1967a2d8fcbe0e580a7ed5cefbae5d4d8f1e519

SHA512
8820c2b4d84a27816e30189e3fa93955d4e9edeba7acc14d38ddebc36edd09e6d60f216808587e271e9d9b5e1ad1bfe79db6b9f19a5572929cd7a46361956980

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
33debe8cc89aa1e0e7a0fec0bdfd466c

SHA1
9816e1b39d6cc406c6a437e3aae0ee47fe7418d1

SHA256
d58f7f4645f67263c5bd20947d8ce04fba70d2bb2706a1a7ada83e8b5a984dad

SHA512
1ad4e119dca4a2fb1789db226b9a46e5420754c493a5ebb3a36f29cd3df9ea15867a8330facef52259909733b718644b7854ad66955077ea5db90326f4f0c107

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
df383258b73734b9b1c8076104437de7

SHA1
38cd7418dab6d2d0835ae31ed4f03ab994a3ab3c

SHA256
0183591bda74396c59a566796d505d6047ae105521920c12eb3bf133cb1c3c59

SHA512
67003d7c98da13a07d7972b164986fc10f5593223efeb57523522d4f7dde311c56f019a7346114b037e208becc8c9f898e0080286ff33b9b0cc16e07514a026e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
671eebac0a41e488f8dea96eae85a811

SHA1
09d293ee3e5ab5ab5df081feda82047ddf0fdc2f

SHA256
e103696eca586d1bee0c42d47511d81c5acf77eea7ff8a321ed339c4a6312e85

SHA512
12668b8c0c29c503f08fb9db94fc3ec2673a9402d8d4d857d8e0ab642cd1267f3ca158e16acaf0c01b91123fba3e4328c913dcda097b148bc66da7747cede79a

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b9526bf022c358ea912fde077f074b79

SHA1
32001f46c2a7801b8b76be0bb25611eab00498ab

SHA256
060cc160e5c7d117504714f4ec5670ef20b2d8da9ad39819fd165c979931e816

SHA512
fae54b0d25ada9a84448a497437d1c3d00f19226d7fbc84bb9c71129a8a2e93853d81cd4a9ae42cbd946a3dbbe0c4f45b788422e7d1ef97792645a22ffa1afc5

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
498d0409952a1ecd9db85788c2055f43

SHA1
1094c08aa0d208e5e95d4f3cdc9892ff3fb4f99d

SHA256
9910c7b9cca7dc5269171a599ec7b22ca7d6c73c9128bfed59f19b2aa22b0b7d

SHA512
712f0fa964c4dc2965c66a552a3d46f82ebe97b925708cd105057ea7577f569f1df69dac2324c38ebd005e4e6dfa2e3306eefc6f605f01c847a97349cb737d70

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f8334e5c681d6df040aede107d4946ff

SHA1
6948b79259f45ca15db26696d59937e49842d4ea

SHA256
93b4940342140580e1ec56a783d682d0966fb56e53afd6acf19f24b4f623d2c6

SHA512
93f9a2842d0324c77055f9db61bebdba176a091df7615866e73b8737827d5e4c81eca7eb4639b3ae6c0d60d0e887b0de89d257a74fa7d398d63cc5cd82de24a3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3f34cf4549e17d6e3c47a3c9518a3fd1

SHA1
484578e12fad5cfa76597a326ed648d176a4477f

SHA256
8570c4949e8d946b2954fa6c9be049f529725326432dd8ba83837463381bfe3a

SHA512
af62715cc8be05c62fa00487442b984000e7fe8e3bfbc9da3f147ceb7894e6dc835b19dff6aba59170132a84b45315ace1de5824fa6eeca5c21ca28e70ccf235

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
851fbf2c3882f69b0e1cfc09a8de3c71

SHA1
3c037f621fbc92a3f67753bc5c9faa7109e46b03

SHA256
969f6a4a0d461d5986343fc4c602f1695020a73d36106ccef82ab80d3e22f832

SHA512
e5c85a3002b96ed67f7ee9a1381f55e7f49bc4444c849fc4e5b464dc6f8046cd864cf0c167e2585467e88d91908bbc178e3c8fd15b3ced6e5ad0ba1e6a9ebbc1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
4bff087cb71260030517af0c620d853f

SHA1
a05aad33d2ae76a24b98e6fc013dc7440737b635

SHA256
5a445c14f48752709e367fe9f06c64d57ee78dcc826bb5c60d00d701f0950942

SHA512
c4087eec2e8f90092e6023961941dddac834d04c04a8b6b5775e2e6fc84c6ad0decc23d8e6a2b572055df026efaa384e7e1c013540ef97e2ea75b62a950bcf7f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
009797ff64e2b0798c7e6aeefd33128d

SHA1
6af0aa78e3e6f5a4956560f2139171e678b981fc

SHA256
31df7051fb21a16c5d64bc69edce173e37b6351ec1504bb7bcdf825e72fffd82

SHA512
1bf49219ba2aa61cc6a55af264434e6db9a97847bc03e8252ef837660049bfd56e7320c639a068b06af27890e7f2c0daf906ce7e93d501460cdb85154bd1308b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b78c8bad7b761ce4cf89612ab4bc918f

SHA1
d42d8a2d3b7b81d6c397f67d6ac435f4e0bdc5b3

SHA256
3e4e120fdbce1101ffd792f2555d30ae114466cb2d20829736b02d5cd7f35efe

SHA512
e8f82b110085e42ac3214b0530dea40fa5bd4432dfbeb5ed065dfa911fc420285e6699d741a23e73b9c3d4abcee588015870527cc75acbbcf5fad9f7ace497f2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3bacb8d13f9d6937d97b5be2341d8c87

SHA1
e05807b0bec4873279d5133c936a3bed0a982e40

SHA256
7f10b3417d75bca71e9e554ea19047ae02b2d931a7ab692f4613137f28880e21

SHA512
6c39f98745efb85c9965e4865f1e9cdb487ef69f09f5d4b55798cac1ca1a5d00d8ee66f47d3735e97280337f52b09a3bbaccca9ae6947b0e233bcbc9fbd90c70

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
19d23aeedf6d08474008e715f9a8103d

SHA1
f7748725df5a48b375692981c68ef985788fff62

SHA256
29ac307a677c29279ee81d6e0786fa73cb8eabb7e5a51771885857068e7a10b3

SHA512
a634eed64f2cf77f9bc84665326e67e0cb65985b84f6ed6eb7dd4e3145d4e32b38a34c8199c074500ef4c603017da776afacc3c3042fa2bee7df7ec1a17624c2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
706dad945d5c177b064905dc1fd0a2bf

SHA1
af3acc2ab8124c1ef19ab7d0b472d92035c87481

SHA256
a59bfb08e7bb1600d959b7f3de56469313ea6691fd45ca80cab411cb27f1b57d

SHA512
9ae5aa4dd92d0e92621ca84739a7e59c5a74fef813017d9b59d8992a1ce90e818035923cf2804e49c61c685fa2e96832865550461408e7ce2511fa3b91d8359e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1759fb8a1638a29c691b565db8cb1826

SHA1
514cf30c39af74533f8d3d41ffee678529b3d099

SHA256
7acb829c6c8483134c45956ae525e0a6172fa03b75997505715c0d61d0e3ada2

SHA512
9af0958c14688d131ae5f3f2ef563dbbcc8e9d7c1623d086e8107a8281c4f138f700505343bd60b297981e7c21fde779eee6cde1c3ddeaa30374720833982dea

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
412fbc69590754a039a8ccfc8c9cd9b0

SHA1
6340fd5d8c9f7574d95df648e30a0aa2355f6c82

SHA256
eb20e0c6b1021dc72587a28729043ecbcf8eb3086749f6e9a54bd63cee5a6ddc

SHA512
b3fbe827bde9eb1553151e97c13ecd66633c99077857e8a295b070c441b3ea1814c712230a7f1101a87857d39acdc698df96d03dfbb871bfc0ed27b0160a398c

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
56cbb8054bf45516fc9e9e7ba505b515

SHA1
9a833bff957181f4d8fd4307bc3e5122080caf96

SHA256
2f294d0bb04c9b242cf2a8d0f1908bd6a179ab6b74f81909c6bc406389ace327

SHA512
5510b9697dc333d81c3f33ecb67c8cf1f8ddfc1658a009709599d1322526c6fb1e668550ff7b3d1287bd094aeb3254f8aff0e8454e7fd5250e041011ed757f27

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
f4300019a1f99fa680d7ff3696d455c3

SHA1
6b7bcf026871ab3c6cff8bb6b14254d4dab03c18

SHA256
bfe9d0f3b0fbb00862b32930350650b5af1545b4e09fb133c55589930bf7261f

SHA512
a00aa243f332d3ccecaa6ee222eb190d039c6812cc4b3f70bb506491441b2bde7087f20c33b47b6f5120c6ec79757c376f8b2407ab087b600f2fb56974228c37

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
fdb409e119ae59ce70e8f4e07f0421bf

SHA1
eca98ac85a2d0e816e26d0a826114f084dd4186f

SHA256
857915017a48fe5ffcb0e3f7d45e05e946379b8a0e531e75ce4e3aa9b5ce4329

SHA512
9cddff06899bb4de02177c068672d7c74b86424c8d3784f160c03cce59732a93f7f544e14b39c3ec8a38eea763804ae8b6410b4c518b1e37b4cf98529564da8f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
97c9bced5a8d247203d9e123d72d0f72

SHA1
476abf59967fd57e9055ec487b1ad1d15fafcd25

SHA256
58c9a79dd26d0254f138d43fb80a8b6d9d095b6f3b0248fdaa8ecb79c0ace21a

SHA512
8b0aa723c01b5101a1da99220a76043ddea71f60997364ecb989479e5836f1734d670ea3dc9657ad7fcc5532032fc05f3bfcab2a4af46607f9daf0f176dd2cd1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
24ed9ccb4b4b8810bd93d15170ce0e6b

SHA1
c6e990709399c55dcd300bc4dca9ea5f2e92fcd3

SHA256
29968115fa47f5b547c999a8c130eae922100e981464f7cf896c62bca53e2a6c

SHA512
28f3c7aaa8dd565721cc669413994d6dada48b702976c349b6ff3497fa8313d809cb4695982158889a1cf0560e19550af22adfac366f77b2e00de138ba2fce5b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
19d58b82b70fa91a287411464d93a4bb

SHA1
bab6d686fa80b00a987428de137869a52275ffd6

SHA256
fe685795b77c95ea094721ba2d12ff9d66803bd1bb0054a1cf99c6347842b03b

SHA512
7bf70cc19d177530e5b218348d98f9b4e18a1cc9a3fe561ede5160dc217e674886e84b570281f481923992e0cf2b607bd1fe7875fc95c1c6f9d9147202e9f2d5

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
02cc84170542be895a890dddacf309d4

SHA1
f824e47f39f64e96c456795456f6ee1501cb1059

SHA256
103863a64e372593e300688908e6289fea0489370bf6b0ad770e05c0045c56f8

SHA512
96e34c6c8a9d01f62d2ea6f924828e8aab583cd835cd4ae32c618794cc9f2a572d3bb4a7bdb445ee06de06d02ffd8258a78a61ea70bdb5267b58ea0545dd8922

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
389b4f140723006a18d783e94c4cda6c

SHA1
4e1d1077cc5307917949c6721edc3cd940134e4e

SHA256
74e7e18952d593a66b6d01f0664ec27f04277990395128d649a0722b1b3525d2

SHA512
ac07dd8ab7da4869f9d1b74ded708ef326f2c273a3289d0b988087b268212d458f502cb8d6c60f92839fabc5cd3f9280571a4db497626809a3d2e7b01c70535f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
b0c5ea44c999ee3d305739f4ffb047c2

SHA1
e4940402586e90d284be91916867d74631e827f5

SHA256
42d884db8d271c8a7fd6580447b1a3e57dbb4a9085c2b4fbaf7527131f2bf9cf

SHA512
0bcf5f1eef252c47d6bfae6d559578bae996534047f0d644630957f9fc9e9df3f605c5a0c5256336906775e34a95e65d25d35a1ba9b3886f8eae94ddf08cd5e4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
2236165aa9901a085c674a8fe31e2bac

SHA1
e81d63c5720a4893204e1e3ec93f3980b48830aa

SHA256
7ee08debc10c83092b43bd69e7bb7a60d0a2b7ac5780fd4a0f9cc2dc61872f95

SHA512
99438fe4f243d5540ed4de2dbe1b03abfeeaa9c1696cf1653dc4c82fda79b9ffecdfe68342c33098cead87b511fdd25a0d654b2b44235250ad7fa47c104480d4

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
608132aa711b2cf6131b58438610940d

SHA1
75e64cb60de0243630a9addd8dc1c2d35177d892

SHA256
917e795454d5685423fec286203fdaa7a1fb6c1b51587b0aae97953c248a9cb9

SHA512
53ca5166deb918d6408ade6d3279cfe947871176cc34c7776e26e889405af1d6bdf18bdd9b6ab32d7b69f9288f99ad9c3d7229e89f7ec512c5b12875cd0b8ec0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a07132abc4320f4a909aafdfeb083fb4

SHA1
f73836c5133ce0a15b06c868d44112b496834e8d

SHA256
68b5100cf4874e49b0dd41810e1b8cbf3c3821843cd714cae3a018dd405639fc

SHA512
645745c39687e226479216befd857be754a0b7343fdd5a00f0d98a808299410a34447d46d2467e4cddd8ce7637b218d46e129d3485c990f3511d0dd9b4d331fa

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
7818e16501589bb1b14e434b9c9755ff

SHA1
e22d8fdef02ef2086be8ba563c431f3718ff6057

SHA256
03b85fc7a22d0e5a60a10991d0569b1b2abc5db1434dcaf76fc6f1bfe783f20e

SHA512
af3390cfdbb3279acf64c098e63da5452269ea1a3c560e1fb08a642201f4d6cffb02dc61c9a09e8fab6ba8d1d46d35c1cba15211a4c9e9cfcb537a91d7b963c3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
67a38d0e62d0103a14faae813d13f748

SHA1
7f41f00fc821ea7e1487964f937fe023a1ff71a9

SHA256
abca52ab86b3def89c5085f12bb70b3093719ee1ce4f25efaa854a92094977e7

SHA512
64f5d777471e754e23f9b99e6dbeae9be153f20632f9674537226856193c4520aba4c2c81a66890f0c046ca0f6a6a22ccfc1073391502b36453d071e80309837

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
0515451e8f6826e048b1eecda0f2427f

SHA1
0458cadbb45b92387f095e5f1f5a3e6a5bb9b782

SHA256
a6a051a6dc6d85d7e45dd4d6b9cee69054e4ac874524b26a85669f7bba4c2b57

SHA512
49591824801e3eeb5329aa1483d9202e1128b95bbd7dcbdee7b1a6b8dddb1fdbf66bd308ca669c81ca059076ee1cc6b2e074a638c8d79220f7fd4adc9d4663cf

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9373aee5abc954d31dcb67778604319a

SHA1
ca53e3f27e4756e694985dd6484c5a8150430245

SHA256
4bd4f9af7ea39320b3c3b5cbe7e136bf8dd09d7380a9fd531b9a31306804b9a0

SHA512
af225e305036ef6e96f0edf4e911c50502f2f920169b026412d87598ab18a66bf7bacd9d2be8fd4ac560be88c51be869f39bcdfed68dbabc5df59b8321c416c7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a2f60221972663374d0560feee46084a

SHA1
43d298549787bc2d9c3fa9e7eea340374bc6d5e2

SHA256
ac94fb82d3bc764c8e8a2032c973fd5324354901635ac2d009a78c6c43c1228b

SHA512
dddcbc2daa67e49f5f42c19ba2e22a133c757b14c6f5ea50fcf5389a68ae07f3348126c230c7a30b15af25703c78f36f656ac255a9148fb4797213696592b312

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
89a2c77140074888f438b719c4a5ae8e

SHA1
e43809fdaf1862773bb07658fdf406a43682baaa

SHA256
5904c5a7979b844a3cdf84e76649e9fc93ebf0111da4b09e4562367ebb319a10

SHA512
84385964d82eb4c225226c684a2f3007a8737a2f72c088b8e26b06f8fa3ffeeeba6a034265cb7d7d74900c9d9c62683652225193f11481e071b08d2eb8c253e1

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a33a63886773fe6da401dd9d09462a1c

SHA1
3a674bc6b7e006ba77010868cef635acb7bc7ac6

SHA256
1f8dca64a9df46d1d3914f202db1fda5b7cd8b4ec8b83f687a8f73a62896cda7

SHA512
d403b87cd8878d5875c71fd143b9392408a83ac957925702b9af24bc6b5c0d11db9b5dcb514b812c8e48f0ddb8cae03612d9f9e44e0c2c1ac42882ee67b8e913

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
af4495a131cfdf763c7692e7a48e4025

SHA1
3453a15be657e2e793a762d2059302eeba814d3b

SHA256
8b12e9e39d1613669fc80aba31f25ef8c327f6c71ef3e4c99012787693ebaf9b

SHA512
8b2fff686d83cc1625095156f6a3e183987a6de93bf525a7a54a3957919f7597a603f18971c4a65a64d23fea5ee63f5115d33206cff3680d6f78256e02c4d467

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
da8b360479a1d13349a13fe4a6ec7c67

SHA1
c45bc65cde03119af2a55175328733b373ffb5d0

SHA256
f099cc19e1ec14f33a930e85673aac765b9e28e478f69682da08bda804a80c56

SHA512
807a69d65e0802be94c018b7b1ed036214173683dd743728e5fbe1f9cd3d40a1841a0b2746ef89ad1f2c5cac2aaaf61b03bbea917b1534abe5b9139ec750be6b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
3f844cc5427640346edb8fc3b5df5963

SHA1
a87b80f7543d98055e9b6d32bfcfbc898426d7b3

SHA256
1ab0aa866f148b61fcf921fa64cf2a20e684631e927fe1508e5d255765351aab

SHA512
0f29e8f150fc267dc486a32090069a42e835ce1726d382b49da8d78825cbb1a2e5bda264465fa3784c26e63efea440da915ed7442c0a0478517d49805c52ee6b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8590855757985eee1651092b68c69892

SHA1
c0897f095b1997188b1fc0ab845a37029dbeb906

SHA256
bb4f8111c835ef8f2842114d3f32771eac449596950e6362033ffa429ff2ec5c

SHA512
a06cea16552ecd49b54fcffab477feb788b75bbd82888ffa21ce862265844568fcd1f592cb45da39d88d762905515c5b2da6cdf01086c4da8f7aaaea77eed104

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
a3bb652b3de1c5c656caf022f2d21924

SHA1
968cb133f937134ac433dcf9bec1ab66be54be40

SHA256
b11e8cf395e68a58a21d778074b64f6f924f67fc18fcce3425f97369fe8e9c69

SHA512
e5a65b6491c8ba39aa2e57fa24124e1c7c922ff3cebca0de203ac0deeab872973703a0210789b89ddb8de41c50f15a76a13357a24f6d8538c5c78eb1ab5b9b71

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
1b9682a231aa2526301aba1c3af10438

SHA1
984175d39f9d33528804c39fd84c5ed253b8b9d5

SHA256
2de33b8af3032b51c15bda1abf5139140f2303cf999be26e0ab8cf7fd046afa1

SHA512
15b41c807aa310bcdc9f2a017702ee3a44c91c43032d22355efe8fa9bfba26eaf18be3f67f84112ed2b5a36fdd0e204f4799a939be4942bf701f16da37964af8

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
d1fdba94bf752d7707b4e97d7cb0865f

SHA1
73c9085ee3354c40768cec453c50ea60c55d4da4

SHA256
b280cb90a53266709f8f8af39a29e28fb2e387a71d6a6ea9a60ee2c4ebea046a

SHA512
ff97e83f5db4efe05a562ff723afb2d0145c64347a50eecfab0ad738845950d13a20d5bb19aab78737a3c4c2d9f95acb39f12f20f1ecff152e05200eb7205603

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9f4ae390aba758730c2c2e962c5a90ca

SHA1
1a613d24d09777d42977877cf85e4c5d29759278

SHA256
bc9f2524253bbd619db4b6c580072aef10190b517ea9b68b44adff120268cc32

SHA512
e2afc9eb4144e944355a3f23716567ca435aacb1782d340182d33c86f5f351037f1b7a819a821485b7089659ec06190b05beffd220ef94caa0fdd7cb64563efb

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
46cdf61236e7c4fbcc1a695dc7d0f111

SHA1
2760bd7aa79cef5705309d9421408faa6a284d5b

SHA256
8d21976010407c3bea9f9972c69040ebcfc2c5e9df54a4ade8b99b3b494a743a

SHA512
825b8a89c8f7b28ff6d9eb6229b0a99a735cbc31b386f52759d0a15fbb0fc5fb37707626ee033b2fcd097b31d084b67684f2cc7bdfe60ff827902855cbf95536

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
cfdacf2278900407e67134353fc86874

SHA1
c82f7b2fa8a6b24844dc3ad866c0a0d43db9595f

SHA256
bea12484831585fe9f1988aee95de0df16824d041c3a96a85fb1d250489a2fcf

SHA512
a36189201a0c26cde42a290f250811a71b0988e92961c98d4b5029a6525b995248298714896cc2fc695702b2d482f203cb0cd7e00095137659c0d9f6e08cd70e

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
9f61147723a8e9257f49871ac43dad74

SHA1
a6386b95239d8dc35ee97517c5bcc763f1307041

SHA256
2d91bfea3e913d7bd7141af867f26360c48a946273fdbbab651a8d9a4c7329f6

SHA512
3da710380434f4a0afeb63fc818441c5de93b19b1a35dd53edb017cf640b3331ac59c0285a5d9635af31016182e7d90bb3dee14213b5a171004eb1d5428486e2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
11006ceec5a6c309d62d889c2948ddff

SHA1
86d9906312f7bc90d8bf251cb70214015ac40e66

SHA256
e5a570d89d1a8f02ac792842e8205e81ae32916273b701e5afcd37f7fa70ac31

SHA512
220d4ef25a7cd0021cf4f5f73c160a3c4f6e5fc78e9626749811f7dbfe9cf4c0cb006be79b422c0d2c8cab739f317c24e2dcf6c75a7dc8485357e7f83b0efa58

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\bacdau.lnk

Filesize
1KB

MD5
8c1bc4cac40a418f9fafe7e6c6b6d3e5

SHA1
2d98607376318c47e26da79c58e8e2e51430b3d3

SHA256
67d591b565f7b8ea7c2fd7ed64459ed278f9c88f5f91146e808d5235ea47de74

SHA512
884a4995da2f2603473504848d4aef00ef1ca037d524dd0e2c98bd9cac35e6eb0ea8cd6ced3135f7f51d6d75aaa62f685cce60a7fed27ba8dac593fa412d93fb

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\Inst.dll.zip

Filesize
227KB

MD5
9e33646f792d18e8d320d421d0e86f91

SHA1
eaa4b940bb6fde1e5ef6d1d20fff5eae61a8a30c

SHA256
35f5b313dff7e4c899b05c76c3fd1b7c53bf40315ebdf88c67c97a71ad502470

SHA512
2d14ce60618e6c016157a28b7e316e608cc5a6ada5cb3dc0fd1b1890b8e1a9dc997085fed8a38bfb2b1774f7acc7ccfe0cb3716ac09aec453cd7ff05c7d9f040

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\Inst.dll.zip

Filesize
227KB

MD5
5368e94fa49f85a643340eae76e54c11

SHA1
e9fc8414f8c761b4fa3167198405e01615db989f

SHA256
4b53ccdee93181100c259a8201e3bb18725ddd7871cbad825cd3c0ac7d9ea30a

SHA512
f4cb08ae220488014a1f3bdb913d5b5f9492fe661e2f03bae0e5f44a7f593e11cccc78b5c84897732103f8b749656cb51f16ffa8b1ce6d982379f24e203943e2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\Inst64.dll.zip

Filesize
256KB

MD5
09bbdd347d001c2fa5f9a93fa24a1557

SHA1
9866c4ebf02d0ec14f7e98c267e2d8a97c2e0075

SHA256
7f6a4740d4c51744adae6e6c629b39b20b9eabde064005ac4da7a1d00d9e0d3e

SHA512
a10ce8fdac3af65476ca8fdc604f4e570eaf7e1847d25c7613bd9dd188dd5011d5287ad489451c0a2dd63943da5c4b36fc37575c3320551033073afd642c269b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib.dll.zip

Filesize
163KB

MD5
24b897c3ba73e95401d89f405d52d4d9

SHA1
81e709c4ef269b06639c5cff315056ae39d7c749

SHA256
bc050c5acd822fa603b2659d3a1861fa1127a5441743b69eb83bf4e76bffe6ce

SHA512
6ccc0a8093f1ba45995ebc5bda836fddc8edac438e9fdf43c78e35973596c9022112f2f57840267fa919061c524a29a2f1d1082fd7e68f0d5e7d1e59b4f95c7f

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib.dll.zip

Filesize
163KB

MD5
b544fdb8ed32f63bc866c34f5f784e27

SHA1
d5d93e2c968aee66618931029c53c5dbaffd6579

SHA256
41ef8a7cbad8b57b8a22d4b489a113053ff91b101218ef44e90333460d98f7ae

SHA512
6eef5930593718a6e1a913373b11ebb62c8b1033ab72b6010abd6cb7005162a770a9d7fb2ca67a48acafe797498e867ec4f5a3bb2267f89369cf97f12858fc51

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib64.dll.zip

Filesize
194KB

MD5
6b5b4829006c8c8be42b14ae0cad1a5a

SHA1
6b6f9a5580dbfa53c09038f26c98e30327396c63

SHA256
a13abdf623be0bceec89a79427104e128018c245bb4d76368418d537be408ddb

SHA512
f1dc110452d1c61c6dc464ce85a41c79230fb92ae5e6038c3ffc8b1f9dea8eb47b449c72d645a698a3a3665cfe857ecf066de9949a5395cfeb5cfb6c2b972d1b

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\appupdatelib64.dll.zip

Filesize
194KB

MD5
2e8dbd4025bd89af0cb59d4b32f21d8e

SHA1
07028b321f3f8491c27917ab23e1eea4db4278f8

SHA256
49dfe11d102cbff04dac3a73491c0d24968cb522bb23c4f99c0e78cc6e1a50d6

SHA512
36250fc011adcf87c495c33b13bc0a4076d1c3f1cd5c87d2a3747374adf4df4c8276199ad7d53d27edf1bce320c978a6fe3c0309451cc7cf4c267c7d45281bd6

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\local.dat.zip

Filesize
277B

MD5
1240ee97fcc39cfb374ad71d463eac5c

SHA1
2d4652ae04561cd5e9e1087bb0279c09ff3b041f

SHA256
e973603e6d29ec5f1fce5ddb9632b22f374d22884eca3b00572c2c4a3fb4ac20

SHA512
e9cbe31873245517c33d503727c60c9f04f90b62bf0a4337d706ac6282613f7c401b39dfbff5d8c9216ebafdc5134cf015afcaa2edce6038b730fac651f2a6e0

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi.dll.zip

Filesize
109KB

MD5
67cfda43ab528e12a46745fe07fd6833

SHA1
83afeb4a51f28576a320158ab8309b5e3949cb59

SHA256
c4e1b4a132f9f786c6a2081529b4826dd56d06d80b5c9b1c628571b93b419ea2

SHA512
da1cdcedd09271a9fd9b71266a849643d27299653f8b858d0ae31c02bc94da77f8abf53259bdf9e964baa84f4eabe8c8106bca4c638838baf451680db450cb32

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi.dll.zip

Filesize
109KB

MD5
00c52a314054a09ba8e3382e22e08d2d

SHA1
bd2ace1b709ccb6ace838267ec9bc1fe6110e042

SHA256
ee44ea7b0a582d69e6ba38174b86ab5efe97267c0ae3c9214d387e6f5eb285f2

SHA512
4c91ae831182a169337c19f3d3d9ce1c98a412bdbbb8d1b56b49389f19b873ff2507a36248198abde3afaab26cc30e4e2b98aafce042ae6ca5531da12811d369

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi64.dll.zip

Filesize
121KB

MD5
c181ce250513ee3a2d885bf49618ca95

SHA1
16f4248f6e9ccce8eff4b571b9beeb1f980675e2

SHA256
e92b0d95126aabcadb814ef2bcf623855177591f2f709930dc6a2f3896427df0

SHA512
25a9a1a072f9603d22db205c915bdafa46605705e7f377f089f069c3df843da9991432df921da472be5fbfc0b7f84ebab3fc71204988e9269c01d04e3f08eaf7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvi64.dll.zip

Filesize
121KB

MD5
497343c04970af0c06338435f9d2feca

SHA1
ca7c81576f5b30bd7f044e329967197f882b0043

SHA256
7a28ae82f142fa6042c4f64263614d25feaba7e84ddf89c530c0ebc5fd752cad

SHA512
fd5511fed9c2a6d0391f854363233e79c30aa473fd41d464fd152269c5a7fd743d9669e8ca6924b7af3459ea4d8a55ebb79a42926f1134613581b6131cfec3f2

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvihp.dll.zip

Filesize
121KB

MD5
a8d7d38b1e8b465b46dd5ccf64ae8738

SHA1
8643a06d7ad40e3a89fa548ce26bbe7212d31cac

SHA256
2457085c1b5d0eb2badfd885fd935c9c4f3004cfb12ad46f7e7e3f83b07de76e

SHA512
2cd6b4886bc50f5b221645aadb1876f9ccdc67db46b70d4d7cb38730709a6d434447134adf91db4f0c55c3bea0c078a089a7b7ad2f974e007b1c4b5f1791aaa3

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvihp64.dll.zip

Filesize
133KB

MD5
9cdcad4274147dc2a6390995565b94a5

SHA1
3f4354ba1d84a32b664ba63ab6d6bae80f346532

SHA256
6d7ddf4cb30346912c3627c63aab4e6650cfd012db74e2d2ab827388fa7f811d

SHA512
7e7eb0f5d5cbff06f0d9191e322935e4a34891fc3aee74121bfb5f93edc8dca46065650b4cfdda2a6b52b2e9190e9528b7365969077619ada2318d41ea3921d8

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\nvihp64.dll.zip

Filesize
133KB

MD5
eac088bf451197755a03bf6f18d751b5

SHA1
e9418ca9c9ef8377a81eaf345c22ec4c28684a1d

SHA256
436f67cb27ff36fa03272283c47c550b1afa4913d1a3a86f887ceed0b0cd6447

SHA512
baa99f8bffda659c05f23b9aa979663131f1d12e4fd8be1aae8ff1b20483902c22b0f4ceeed905ae2d55bdd42a85af3d1489130d51012e67500d25fc8d86a185

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\openvi.exe.zip

Filesize
132KB

MD5
b58c430e86293a0752b3e166db71f549

SHA1
d6cb4218d54cf5cf603f8737ae6fd2c4df54231c

SHA256
e26d7b5dac90ed0c8c5a9f5f75e0c202ec82a9e01da8c8a3d98d0752c490b0f8

SHA512
1938a8676dad653672d70f0298ddcba50ff84ba0400e9620df4b2124a2d4242124fdab71a311bc97508a9d2bc89c5c92f3e9b2f436cf7350db521c6f6ff79735

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\app_down\1\updatepolicy.xml.zip

Filesize
335B

MD5
a4cb312a269634dd60c93b157b38b5b6

SHA1
818c009e9106b8da0b3632ea16c34f4557ce4114

SHA256
d1993e9d7fc7bde942a11a475d0b6b38a7c21b4d99fa783bda75c414f7a98696

SHA512
e3728394455723302841b403ba61774b31ba6413e4337781ef4f6cff478085bd96d82592c44c2cf17629a5113545b4e6cc056e76d056606c7fc347ef2d1255ba

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\clientupdate\config.xml

Filesize
320B

MD5
eaf21d79975b7c9ecc0dead865a47911

SHA1
3fbf3c09259b2b0abc74ab10dd4d582b2c7c7fc3

SHA256
9be13a9911a460901a10eba1321f7a2564e8530f6c2d3d4004018885f8eb51a8

SHA512
cb5cc7cbe472f279b0a2849c3bdcfe652480dc2e8d49b940fde2768e390c7f126b5ff9dd9af2c47153a6903ff8b7859441ef70747d910e357c602bf808ebdfa7

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\local.dat

Filesize
184B

MD5
515934c8bcc2406da8a735cef587a425

SHA1
c8840716e50a9450dc6d3840fe754bcb445bb96e

SHA256
2819fb6b8186e047e09b91fe5701681538dcb913a2bdcdadac93cce9b5b5dcde

SHA512
914c4b8586d55fbff9a7de6830f706082f34212ca6a70107759ec0fb91ccd24248331200b0c712fbdf1b349a1f7941cc44dc4c35b6f58dd6f8797bb40e568693

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\nvi.dat

Filesize
351B

MD5
97ed33eade5990bb91727edfafa4a381

SHA1
5db96beb7b5e3cc7a4ec19c5e59adb7e6eefff66

SHA256
b913ed8fb603f8cbacc927bf1b697040c456e591e589fa13ca5fd338c37c245d

SHA512
0e2acaf9840a008b02680a03b1e658ed0356e36b03e18da003de3fb2ae6697ec8c711c6d69a841e52fab291ba9a98b6dd42859037447c75e8c9d7d9f5b77a2aa

Download Submit
C:\Users\Admin\AppData\Roaming\webnavi\openvi.exe

Filesize
11.6MB

MD5
99dd194b2873b9f84af82562ea82f76e

SHA1
fccdfb8b701dcfcff516fe1b91e628aacae9d971

SHA256
4791757cfc6d155df21db4ae0470268e1f91328a7a88407c85b486d981999e4f

SHA512
03a40ec37d0ebb29e0ef7a5f6458887c38f27d8c0cc14f0f4f0edfc0a35cbe4b84dace9eba70e943904a83b4b599bf08aa9552b0e0f389ff6c894b29edca1ab4

Download Submit
C:\Users\Admin\Desktop\bacdau.nvi

Filesize
172B

MD5
0f3483390ecfafac8d9629e54bacfb16

SHA1
a2d1cf87d43e864763f58a184ed30a652ebc7dbf

SHA256
36d03466146092b6f0f315d7fed641a0b79834fa4fa69f13e5062864cacd0386

SHA512
2ef21cf0a9c462acb5a6eb0ef51572c30721aa67003e1918e0e55455ecd250980ee93d09028bb26d496dd25088dd84740dbc7f4cf1bce99711a4c9503f02e49f

Download Submit
memory/1016-28-0x0000000074B40000-0x0000000074B4A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads