xworm | cdc90f38b71f0b982d87b2a911f2c1a2ca9939ec880ecfce7f5e6101669e483f

Analysis

max time kernel
81s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MoonXCrypter.exe
Size

7.1MB
MD5

8bd4830859e6d4ff593fd12689dd6c5f
SHA1

b32174b222cdd84854838d5b31796d8e05fc430d
SHA256

6bc29cb0c807de07a6d2b753691b03e13cb7b267ba4b24a3de567d65ab955207
SHA512

4546f43380be8e82d21bca9310769a7b18a7c6eac4cb3f2b39435bdf6c418cacb58706bb6db7ba770af54bb4dec5ee99e105528d5c165fad1bb26838532716d2
SSDEEP

98304:6jColtmW0fKeUzknPsi9rWlZroXKeWe54DzqGnl/Vxwt2camJ14lYWVDlx/BDyvq:6Plj0hUi9rWrQboqGnlNrS4lYqXJyi

Score

10^/10

xworm execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

EEarXqazEvX73BCq

Attributes

Install_directory
%AppData%
install_file
Chrome Update.exe
pastebin_url
https://pastebin.com/raw/RPPi3ByL

aes.plain

Signatures

Detect Xworm Payload 6 IoCs

resource	yara_rule
behavioral2/files/0x000c000000023b3f-6.dat	family_xworm
behavioral2/files/0x000a000000023ba2-25.dat	family_xworm
behavioral2/memory/3472-33-0x0000000000E90000-0x0000000000EBE000-memory.dmp	family_xworm
behavioral2/files/0x000b000000023ba3-27.dat	family_xworm
behavioral2/memory/2012-37-0x0000000000070000-0x000000000009C000-memory.dmp	family_xworm
behavioral2/memory/2892-38-0x00000000006B0000-0x00000000006D8000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
1760	powershell.exe
4068	powershell.exe
4116	powershell.exe
3968	powershell.exe
2152	powershell.exe
5108	powershell.exe
2132	powershell.exe
2916	powershell.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	OneDrive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe

Drops startup file 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk	Chrome Update.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk	OneDrive.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk	OneDrive.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk	msedge.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk	Chrome Update.exe

Executes dropped EXE 64 IoCs

pid	Process
3472	msedge.exe
2012	Chrome Update.exe
2892	OneDrive.exe
348	msedge.exe
3972	Chrome Update.exe
2976	OneDrive.exe
4212	msedge.exe
1884	Chrome Update.exe
2728	OneDrive.exe
3040	msedge.exe
3676	Chrome Update.exe
5072	OneDrive.exe
4824	msedge.exe
2408	Chrome Update.exe
4928	OneDrive.exe
3892	msedge.exe
4556	Chrome Update.exe
2532	OneDrive.exe
2360	msedge.exe
3672	Chrome Update.exe
1276	OneDrive.exe
4792	msedge.exe
4964	Chrome Update.exe
928	OneDrive.exe
4580	msedge.exe
1100	Chrome Update.exe
3556	OneDrive.exe
208	msedge.exe
1304	Chrome Update.exe
5092	OneDrive.exe
4280	msedge.exe
3876	Chrome Update.exe
2528	OneDrive.exe
1948	msedge.exe
1652	Chrome Update.exe
4632	OneDrive.exe
4056	msedge.exe
2220	Chrome Update.exe
4008	OneDrive.exe
3676	msedge.exe
2156	Chrome Update.exe
1348	OneDrive.exe
2416	msedge.exe
2712	Chrome Update.exe
2736	OneDrive.exe
5084	msedge.exe
4680	Chrome Update.exe
1308	OneDrive.exe
4132	msedge.exe
2108	Chrome Update.exe
3028	OneDrive.exe
2508	msedge.exe
2524	Chrome Update.exe
5036	OneDrive.exe
4128	msedge.exe
3156	Chrome Update.exe
2388	OneDrive.exe
3336	msedge.exe
4188	Chrome Update.exe
1956	OneDrive.exe
3516	msedge.exe
764	Chrome Update.exe
2408	OneDrive.exe
3196	msedge.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\ProgramData\\OneDrive.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chrome Update = "C:\\Users\\Admin\\AppData\\Roaming\\Chrome Update.exe"	Chrome Update.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
62	pastebin.com
93	pastebin.com
33	pastebin.com
98	pastebin.com
113	pastebin.com
159	pastebin.com
171	pastebin.com
64	pastebin.com
151	pastebin.com
183	pastebin.com
35	pastebin.com
61	pastebin.com
20	pastebin.com
82	pastebin.com
86	pastebin.com
102	pastebin.com
134	pastebin.com
158	pastebin.com
172	pastebin.com
180	pastebin.com
40	pastebin.com
66	pastebin.com
85	pastebin.com
120	pastebin.com
135	pastebin.com
160	pastebin.com
15	pastebin.com
78	pastebin.com
162	pastebin.com
51	pastebin.com
75	pastebin.com
83	pastebin.com
95	pastebin.com
97	pastebin.com
114	pastebin.com
117	pastebin.com
124	pastebin.com
19	pastebin.com
154	pastebin.com
68	pastebin.com
130	pastebin.com
43	pastebin.com
45	pastebin.com
76	pastebin.com
106	pastebin.com
133	pastebin.com
146	pastebin.com
147	pastebin.com
153	pastebin.com
39	pastebin.com
170	pastebin.com
119	pastebin.com
141	pastebin.com
163	pastebin.com
168	pastebin.com
174	pastebin.com
104	pastebin.com
90	pastebin.com
109	pastebin.com
111	pastebin.com
148	pastebin.com
67	pastebin.com
112	pastebin.com
145	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2056	schtasks.exe
5072	schtasks.exe
740	schtasks.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1760	powershell.exe
1760	powershell.exe
1760	powershell.exe
2916	powershell.exe
2916	powershell.exe
2916	powershell.exe
4068	powershell.exe
4068	powershell.exe
4068	powershell.exe
4116	powershell.exe
4116	powershell.exe
4116	powershell.exe
3968	powershell.exe
3968	powershell.exe
3968	powershell.exe
2152	powershell.exe
2152	powershell.exe
2152	powershell.exe
5108	powershell.exe
5108	powershell.exe
5108	powershell.exe
2132	powershell.exe
2132	powershell.exe
2132	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3472	msedge.exe
Token: SeDebugPrivilege	2012	Chrome Update.exe
Token: SeDebugPrivilege	2892	OneDrive.exe
Token: SeDebugPrivilege	3972	Chrome Update.exe
Token: SeDebugPrivilege	348	msedge.exe
Token: SeDebugPrivilege	2976	OneDrive.exe
Token: SeDebugPrivilege	4212	msedge.exe
Token: SeDebugPrivilege	1884	Chrome Update.exe
Token: SeDebugPrivilege	2728	OneDrive.exe
Token: SeDebugPrivilege	3676	Chrome Update.exe
Token: SeDebugPrivilege	5072	OneDrive.exe
Token: SeDebugPrivilege	3040	msedge.exe
Token: SeDebugPrivilege	4824	msedge.exe
Token: SeDebugPrivilege	4928	OneDrive.exe
Token: SeDebugPrivilege	2408	Chrome Update.exe
Token: SeDebugPrivilege	3892	msedge.exe
Token: SeDebugPrivilege	4556	Chrome Update.exe
Token: SeDebugPrivilege	2532	OneDrive.exe
Token: SeDebugPrivilege	1760	powershell.exe
Token: SeDebugPrivilege	2360	msedge.exe
Token: SeDebugPrivilege	3672	Chrome Update.exe
Token: SeDebugPrivilege	1276	OneDrive.exe
Token: SeDebugPrivilege	2916	powershell.exe
Token: SeDebugPrivilege	4792	msedge.exe
Token: SeDebugPrivilege	4964	Chrome Update.exe
Token: SeDebugPrivilege	928	OneDrive.exe
Token: SeDebugPrivilege	4068	powershell.exe
Token: SeDebugPrivilege	4580	msedge.exe
Token: SeDebugPrivilege	1100	Chrome Update.exe
Token: SeDebugPrivilege	3556	OneDrive.exe
Token: SeDebugPrivilege	1304	Chrome Update.exe
Token: SeDebugPrivilege	208	msedge.exe
Token: SeDebugPrivilege	5092	OneDrive.exe
Token: SeDebugPrivilege	4116	powershell.exe
Token: SeDebugPrivilege	3968	powershell.exe
Token: SeDebugPrivilege	4280	msedge.exe
Token: SeDebugPrivilege	3876	Chrome Update.exe
Token: SeDebugPrivilege	2528	OneDrive.exe
Token: SeDebugPrivilege	1948	msedge.exe
Token: SeDebugPrivilege	1652	Chrome Update.exe
Token: SeDebugPrivilege	4632	OneDrive.exe
Token: SeDebugPrivilege	2152	powershell.exe
Token: SeDebugPrivilege	4056	msedge.exe
Token: SeDebugPrivilege	4008	OneDrive.exe
Token: SeDebugPrivilege	2220	Chrome Update.exe
Token: SeDebugPrivilege	5108	powershell.exe
Token: SeDebugPrivilege	3676	msedge.exe
Token: SeDebugPrivilege	2156	Chrome Update.exe
Token: SeDebugPrivilege	1348	OneDrive.exe
Token: SeDebugPrivilege	2416	msedge.exe
Token: SeDebugPrivilege	2736	OneDrive.exe
Token: SeDebugPrivilege	2132	powershell.exe
Token: SeDebugPrivilege	2712	Chrome Update.exe
Token: SeDebugPrivilege	5084	msedge.exe
Token: SeDebugPrivilege	1308	OneDrive.exe
Token: SeDebugPrivilege	4680	Chrome Update.exe
Token: SeDebugPrivilege	4132	msedge.exe
Token: SeDebugPrivilege	2108	Chrome Update.exe
Token: SeDebugPrivilege	3028	OneDrive.exe
Token: SeDebugPrivilege	2508	msedge.exe
Token: SeDebugPrivilege	5036	OneDrive.exe
Token: SeDebugPrivilege	2524	Chrome Update.exe
Token: SeDebugPrivilege	4128	msedge.exe
Token: SeDebugPrivilege	3156	Chrome Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 3472	3684	MoonXCrypter.exe	82
PID 3684 wrote to memory of 3472	3684	MoonXCrypter.exe	82
PID 3684 wrote to memory of 2012	3684	MoonXCrypter.exe	83
PID 3684 wrote to memory of 2012	3684	MoonXCrypter.exe	83
PID 3684 wrote to memory of 2892	3684	MoonXCrypter.exe	84
PID 3684 wrote to memory of 2892	3684	MoonXCrypter.exe	84
PID 3684 wrote to memory of 3060	3684	MoonXCrypter.exe	85
PID 3684 wrote to memory of 3060	3684	MoonXCrypter.exe	85
PID 3060 wrote to memory of 348	3060	MoonXCrypter.exe	86
PID 3060 wrote to memory of 348	3060	MoonXCrypter.exe	86
PID 3060 wrote to memory of 3972	3060	MoonXCrypter.exe	87
PID 3060 wrote to memory of 3972	3060	MoonXCrypter.exe	87
PID 3060 wrote to memory of 2976	3060	MoonXCrypter.exe	88
PID 3060 wrote to memory of 2976	3060	MoonXCrypter.exe	88
PID 3060 wrote to memory of 64	3060	MoonXCrypter.exe	89
PID 3060 wrote to memory of 64	3060	MoonXCrypter.exe	89
PID 64 wrote to memory of 4212	64	MoonXCrypter.exe	90
PID 64 wrote to memory of 4212	64	MoonXCrypter.exe	90
PID 64 wrote to memory of 1884	64	MoonXCrypter.exe	91
PID 64 wrote to memory of 1884	64	MoonXCrypter.exe	91
PID 64 wrote to memory of 2728	64	MoonXCrypter.exe	92
PID 64 wrote to memory of 2728	64	MoonXCrypter.exe	92
PID 64 wrote to memory of 4052	64	MoonXCrypter.exe	93
PID 64 wrote to memory of 4052	64	MoonXCrypter.exe	93
PID 4052 wrote to memory of 3040	4052	MoonXCrypter.exe	94
PID 4052 wrote to memory of 3040	4052	MoonXCrypter.exe	94
PID 4052 wrote to memory of 3676	4052	MoonXCrypter.exe	150
PID 4052 wrote to memory of 3676	4052	MoonXCrypter.exe	150
PID 4052 wrote to memory of 5072	4052	MoonXCrypter.exe	96
PID 4052 wrote to memory of 5072	4052	MoonXCrypter.exe	96
PID 4052 wrote to memory of 3988	4052	MoonXCrypter.exe	97
PID 4052 wrote to memory of 3988	4052	MoonXCrypter.exe	97
PID 3988 wrote to memory of 4824	3988	MoonXCrypter.exe	98
PID 3988 wrote to memory of 4824	3988	MoonXCrypter.exe	98
PID 3988 wrote to memory of 2408	3988	MoonXCrypter.exe	99
PID 3988 wrote to memory of 2408	3988	MoonXCrypter.exe	99
PID 3988 wrote to memory of 4928	3988	MoonXCrypter.exe	100
PID 3988 wrote to memory of 4928	3988	MoonXCrypter.exe	100
PID 3988 wrote to memory of 820	3988	MoonXCrypter.exe	101
PID 3988 wrote to memory of 820	3988	MoonXCrypter.exe	101
PID 820 wrote to memory of 3892	820	MoonXCrypter.exe	102
PID 820 wrote to memory of 3892	820	MoonXCrypter.exe	102
PID 820 wrote to memory of 4556	820	MoonXCrypter.exe	103
PID 820 wrote to memory of 4556	820	MoonXCrypter.exe	103
PID 820 wrote to memory of 2532	820	MoonXCrypter.exe	194
PID 820 wrote to memory of 2532	820	MoonXCrypter.exe	194
PID 820 wrote to memory of 980	820	MoonXCrypter.exe	163
PID 820 wrote to memory of 980	820	MoonXCrypter.exe	163
PID 2892 wrote to memory of 2916	2892	OneDrive.exe	106
PID 2892 wrote to memory of 2916	2892	OneDrive.exe	106
PID 2012 wrote to memory of 1760	2012	Chrome Update.exe	198
PID 2012 wrote to memory of 1760	2012	Chrome Update.exe	198
PID 980 wrote to memory of 2360	980	MoonXCrypter.exe	196
PID 980 wrote to memory of 2360	980	MoonXCrypter.exe	196
PID 980 wrote to memory of 3672	980	MoonXCrypter.exe	111
PID 980 wrote to memory of 3672	980	MoonXCrypter.exe	111
PID 980 wrote to memory of 1276	980	MoonXCrypter.exe	112
PID 980 wrote to memory of 1276	980	MoonXCrypter.exe	112
PID 980 wrote to memory of 2096	980	MoonXCrypter.exe	206
PID 980 wrote to memory of 2096	980	MoonXCrypter.exe	206
PID 2096 wrote to memory of 4792	2096	MoonXCrypter.exe	202
PID 2096 wrote to memory of 4792	2096	MoonXCrypter.exe	202
PID 2096 wrote to memory of 4964	2096	MoonXCrypter.exe	115
PID 2096 wrote to memory of 4964	2096	MoonXCrypter.exe	115

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
"C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Users\Admin\AppData\Local\Temp\msedge.exe
  "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3472
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "msedge" /tr "C:\Users\Admin\AppData\Roaming\msedge.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2056
- C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
  "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1760
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4068
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3968
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5108
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5072
- C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
  "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2916
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2152
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2132
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "OneDrive" /tr "C:\ProgramData\OneDrive.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:740
- C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
  "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\msedge.exe
    "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:348
- - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
    "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
    "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
    "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\msedge.exe
      "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
      "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
      "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
      "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        5⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        12⤵
        Checks computer location settings
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        13⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        14⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        16⤵
        Checks computer location settings
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        17⤵
        Checks computer location settings
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        18⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        19⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        20⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        20⤵
        Checks computer location settings
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        21⤵
        Executes dropped EXE
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        21⤵
        Executes dropped EXE
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        21⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        21⤵
        Checks computer location settings
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        22⤵
        Executes dropped EXE
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        22⤵
        Executes dropped EXE
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        22⤵
        Executes dropped EXE
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        22⤵
        Checks computer location settings
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        23⤵
        Executes dropped EXE
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        23⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        23⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        23⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        24⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        24⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        24⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        24⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        25⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        25⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        25⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        25⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        26⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        26⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        26⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        26⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        27⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        27⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        27⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        27⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        28⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        28⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        28⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        28⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        29⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        29⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        29⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        29⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        30⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        30⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        30⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        30⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        31⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        31⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        31⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        31⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        32⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        32⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        32⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        32⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        33⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        33⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        33⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        33⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        34⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        34⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        34⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        34⤵
        Checks computer location settings
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        35⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        35⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        35⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        35⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        36⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        36⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        36⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        36⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        37⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        37⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        37⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        37⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        38⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        38⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        38⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        38⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        39⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        39⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        39⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        39⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        40⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        40⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        40⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        40⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        41⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        41⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        41⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        41⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        42⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        42⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        42⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        42⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        43⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        43⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        43⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        43⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        44⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        44⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        44⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        44⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        45⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        45⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        45⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        45⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        46⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        46⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        46⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        46⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        47⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        47⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        47⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        47⤵
        Checks computer location settings
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        48⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        48⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        48⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        48⤵
        Checks computer location settings
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        49⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        49⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        49⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        49⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        50⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        50⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        50⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        50⤵
        Checks computer location settings
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        51⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        51⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        51⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        51⤵
        Checks computer location settings
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        52⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        52⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        52⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        52⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        53⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        53⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        53⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        53⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        54⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        54⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        54⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        54⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        55⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        55⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        55⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        55⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        56⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        56⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        56⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        56⤵
        Checks computer location settings
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        57⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        57⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        57⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        57⤵
        Checks computer location settings
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        58⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        58⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        58⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        58⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        59⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        59⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        59⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        59⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        60⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        60⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        60⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        60⤵
        Checks computer location settings
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        61⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        61⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        61⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        61⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        62⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        62⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        62⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        62⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        63⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        63⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        63⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        63⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        64⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        64⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        64⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        64⤵
        Checks computer location settings
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        65⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        65⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        65⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        65⤵
        Checks computer location settings
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        66⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        66⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        66⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        66⤵
        Checks computer location settings
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        67⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        67⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        67⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        67⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        68⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        68⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        68⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        68⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        69⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        69⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        69⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        69⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        70⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        70⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        70⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        70⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        71⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        71⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        71⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        71⤵
        Checks computer location settings
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        72⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        72⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        72⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        72⤵
        Checks computer location settings
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        73⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        73⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        73⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        73⤵
        Checks computer location settings
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        74⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        74⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        74⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        74⤵
        Checks computer location settings
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        75⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        75⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        75⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        75⤵
        Checks computer location settings
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        76⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        76⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        76⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        76⤵
        Checks computer location settings
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        77⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        77⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        77⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        77⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        78⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        78⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        78⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        78⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        79⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        79⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        79⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        79⤵
        Checks computer location settings
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        80⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        80⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        80⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        80⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        81⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        81⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        81⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        81⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        82⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        82⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        82⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        82⤵
        Checks computer location settings
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        83⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        83⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        83⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        83⤵
        Checks computer location settings
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        84⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        84⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        84⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        84⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        85⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        85⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        85⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        85⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        86⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        86⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        86⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        86⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        87⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        87⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        87⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        87⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        88⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        88⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        88⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        88⤵
        Checks computer location settings
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        89⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        89⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        89⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        89⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        90⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        90⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        90⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        90⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        91⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        91⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        91⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        91⤵
        Checks computer location settings
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        92⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        92⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        92⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        92⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        93⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        93⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        93⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        93⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        94⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        94⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        94⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        94⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        95⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        95⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        95⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        95⤵
        Checks computer location settings
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        96⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        96⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        96⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        96⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        97⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        97⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        97⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        97⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        98⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        98⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        98⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        98⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        99⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        99⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        99⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        99⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        100⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        100⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        100⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        100⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        101⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        101⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        101⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        101⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        102⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        102⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        102⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        102⤵
        Checks computer location settings
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        103⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        103⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        103⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        103⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        104⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        104⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        104⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        104⤵
        Checks computer location settings
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        105⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        105⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        105⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        105⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        106⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        106⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        106⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        106⤵
        Checks computer location settings
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        107⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        107⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        107⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        107⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        108⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        108⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        108⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        108⤵
        Checks computer location settings
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        109⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        109⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        109⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        109⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        110⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        110⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        110⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        110⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        111⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        111⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        111⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        111⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        112⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        112⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        112⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        112⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        113⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        113⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        113⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        113⤵
        Checks computer location settings
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        114⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        114⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        114⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        114⤵
        Checks computer location settings
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        115⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        115⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        115⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        115⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        116⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        116⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        116⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        116⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        117⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        117⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        117⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        117⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        118⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        118⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        118⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        118⤵
        Checks computer location settings
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        119⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        119⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        119⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        119⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        120⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        120⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        120⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        120⤵
        Checks computer location settings
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        121⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        121⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        121⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        121⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        122⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        122⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        122⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        122⤵
        Checks computer location settings
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        123⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        123⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        123⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        123⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        124⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        124⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        124⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        124⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        125⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        125⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        125⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        125⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        126⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        126⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        126⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        126⤵
        Checks computer location settings
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        127⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        127⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        127⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        127⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        128⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        128⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        128⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        128⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        129⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        129⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        129⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        129⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        130⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        130⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        130⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        130⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        131⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        131⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        131⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        131⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        132⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        132⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        132⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        132⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        133⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        133⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        133⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        133⤵
        Checks computer location settings
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        134⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        134⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        134⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        134⤵
        Checks computer location settings
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        135⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        135⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        135⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        135⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        136⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        136⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        136⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        136⤵
        Checks computer location settings
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        137⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        137⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        137⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        137⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        138⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        138⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        138⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        138⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        139⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        139⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        139⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        139⤵
        Checks computer location settings
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        140⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        140⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        140⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        140⤵
        Checks computer location settings
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        141⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        141⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        141⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        141⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        142⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        142⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        142⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        142⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        143⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        143⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        143⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        143⤵
        Checks computer location settings
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        144⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        144⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        144⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        144⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        145⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        145⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        145⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        145⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        146⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        146⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        146⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        146⤵
        Checks computer location settings
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        147⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        147⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        147⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        147⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        148⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        148⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        148⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        148⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        149⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        149⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        149⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        149⤵
        Checks computer location settings
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        150⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        150⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        150⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        150⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        151⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        151⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        151⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        151⤵
        Checks computer location settings
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        152⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        152⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        152⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        152⤵
        Checks computer location settings
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        153⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        153⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        153⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        153⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        154⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        154⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        154⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        154⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        155⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        155⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        155⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        155⤵
        Checks computer location settings
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        156⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        156⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        156⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        156⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        157⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        157⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        157⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        157⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        158⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        158⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        158⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        158⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        159⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        159⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        159⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        159⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        160⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        160⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        160⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        160⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        161⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        161⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        161⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        161⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        162⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        162⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        162⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        162⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        163⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        163⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        163⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        163⤵
        Checks computer location settings
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        164⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        164⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        164⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        164⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        165⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        165⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        165⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        165⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        166⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        166⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        166⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        166⤵
        Checks computer location settings
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        167⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        167⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        167⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        167⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        168⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        168⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        168⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        168⤵
        Checks computer location settings
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        169⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        169⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        169⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        169⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        170⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        170⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        170⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        170⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        171⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        171⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        171⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        171⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        172⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        172⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        172⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        172⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        173⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        173⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        173⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        173⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        174⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        174⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        174⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        174⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        175⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        175⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        175⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        175⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        176⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        176⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        176⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        176⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        177⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        177⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        177⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        177⤵
        Checks computer location settings
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        178⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        178⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        178⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        178⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        179⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        179⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        179⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        179⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        180⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        180⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        180⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        180⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        181⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        181⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        181⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        181⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        182⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        182⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        182⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        182⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        183⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        183⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        183⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        183⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        184⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        184⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        184⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        184⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        185⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        185⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        185⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        185⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        186⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        186⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        186⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        186⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        187⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        187⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        187⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        187⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        188⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        188⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        188⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        188⤵
        Checks computer location settings
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        189⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        189⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        189⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        189⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        190⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        190⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        190⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        190⤵
        Checks computer location settings
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        191⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        191⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        191⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        191⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        192⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        192⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        192⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        192⤵
        Checks computer location settings
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        193⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        193⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        193⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        193⤵
        Checks computer location settings
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        194⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        194⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        194⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        194⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        195⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        195⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        195⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        195⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        196⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        196⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        196⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        196⤵
        Checks computer location settings
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        197⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        197⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        197⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        197⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        198⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        198⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        198⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        198⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        199⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        199⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        199⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        199⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        200⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        200⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        200⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        200⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        201⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        201⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        201⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        201⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        202⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        202⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        202⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        202⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        203⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        203⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        203⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        203⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        204⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        204⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        204⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        204⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        205⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        205⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        205⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        205⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        206⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        206⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        206⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        206⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        207⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        207⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        207⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        207⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        208⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        208⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        208⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        208⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        209⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        209⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        209⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        209⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        210⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        210⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        210⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        210⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        211⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        211⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        211⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        211⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        212⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        212⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        212⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        212⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        213⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        213⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        213⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        213⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        214⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        214⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        214⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        214⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        215⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        215⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        215⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        215⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        216⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        216⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        216⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        216⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        217⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        217⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        217⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        217⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        218⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        218⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        218⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        218⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        219⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        219⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        219⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        219⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        220⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        220⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        220⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        220⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        221⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        221⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        221⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        221⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        222⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        222⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        222⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        222⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        223⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        223⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        223⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        223⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        224⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        224⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        224⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        224⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        225⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        225⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        225⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        225⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        226⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        226⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        226⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        226⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        227⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        227⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        227⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        227⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        228⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        228⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        228⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        228⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        229⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        229⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        229⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        229⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        230⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        230⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        230⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        230⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        231⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        231⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        231⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        231⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        232⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        232⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        232⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        232⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        233⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        233⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        233⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        233⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        234⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        234⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        234⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        234⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        235⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        235⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        235⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        235⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        236⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        236⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        236⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        236⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        237⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        237⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        237⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        237⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        238⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        238⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        238⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        238⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        239⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        239⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        239⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        239⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        240⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        240⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        240⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        240⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        241⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        241⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        241⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        241⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        242⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        242⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        242⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        242⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        243⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        243⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        243⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        243⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        244⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        244⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        244⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        244⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        245⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        245⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        245⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        245⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        246⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        246⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        246⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        246⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        247⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        247⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        247⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        247⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        248⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        248⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        248⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        248⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        249⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        249⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        249⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        249⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        250⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        250⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        250⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        250⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        251⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        251⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        251⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        251⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        252⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        252⤵
        
        PID:4800

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:5064

C:\Users\Admin\AppData\Roaming\msedge.exe
C:\Users\Admin\AppData\Roaming\msedge.exe
1⤵
PID:4332

C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
1⤵
PID:3240

C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
1⤵
PID:4900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:1100

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:3656

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
1⤵
PID:4972

C:\Users\Admin\AppData\Roaming\msedge.exe
C:\Users\Admin\AppData\Roaming\msedge.exe
1⤵
PID:1284

C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
1⤵
PID:1308

C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MoonXCrypter.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
62623d22bd9e037191765d5083ce16a3

SHA1
4a07da6872672f715a4780513d95ed8ddeefd259

SHA256
95d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010

SHA512
9a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
430499842e45a9f2e3b9380b197dff29

SHA1
9a4a25f6229c238ebe5565ffeec9217ad669d1fd

SHA256
ef149aac6f82866d929317a4e63b510a9f4ff8a01b4bc6b1c17198b606bf1a3c

SHA512
ad0af8aa90e7b2ce47deb76f80841c464d2387476074a2eb52673a6a14db6b56064a7ad22b2810181fceba0f9572ca091b6c1b30f028fb3ea3014e8adc263dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
10fb30dc297f99d6ebafa5fee8b24fa2

SHA1
76904509313a49a765edcde26b69c3a61f9fa225

SHA256
567bcacac120711fc04bf8e6c8cd0bff7b61e8ee0a6316254d1005ebb1264e6a

SHA512
c42ace1ea0923fa55592f4f486a508ea56997fdbe0200016b0fc16a33452fc28e4530129a315b3b3a5ede37a07097c13a0eb310c9e91e5d97bb7ce7b955b9498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
eb1ad317bd25b55b2bbdce8a28a74a94

SHA1
98a3978be4d10d62e7411946474579ee5bdc5ea6

SHA256
9e94e7c9ac6134ee30e79498558aa1a5a1ac79a643666c3f8922eed215dd3a98

SHA512
d011f266c0240d84470c0f9577cd9e4927309bd19bb38570ca9704ed8e1d159f9bea982a59d3eefef72ce7a10bd81208b82e88ef57c7af587f7437a89769adc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
02b66c00c8e2257e9e46dde860a73cc4

SHA1
a217ab7f43d128f82575714dfeb67c8a9a0dc854

SHA256
ac3391537377df9ff9eb3cefdb7619227714cc11126801b9a22077ca76f07028

SHA512
7d7699c0f6385724214f1a73efae5340fad12db9b0387ac92d7d5754aa1ce3dff5e50ecb2757476980111a6e8814804f4294ec9a2f022e252053818055b752a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
6d3e9c29fe44e90aae6ed30ccf799ca8

SHA1
c7974ef72264bbdf13a2793ccf1aed11bc565dce

SHA256
2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d

SHA512
60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe

Filesize
152KB

MD5
16cdd301591c6af35a03cd18caee2e59

SHA1
92c6575b57eac309c8664d4ac76d87f2906e8ef3

SHA256
11d55ac2f9070a70d12f760e9a6ee75136eca4bf711042acc25828ddda3582c8

SHA512
a44402e5e233cb983f7cfd9b81bc542a08d8092ffa4bd970fc25fe112355643506d5dfee0dd76f2e79b983df0fde67bfc50aabb477492a7596e38081e4083476

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe

Filesize
140KB

MD5
a1cd6f4a3a37ed83515aa4752f98eb1d

SHA1
7f787c8d72787d8d130b4788b006b799167d1802

SHA256
5cbcc0a0c1d74cd54ac999717b0ff0607fe6ed02cca0a3e0433dd94783cfec65

SHA512
9489287e0b4925345fee05fe2f6e6f12440af1425ef397145e32e6f80c7ae98b530e42002d92dc156643f9829bc8a3b969e855cecd2265b6616c4514eed00355

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wpl3jgtu.1fg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge.exe

Filesize
166KB

MD5
a06b97d6bd4489c5632d17e968a71103

SHA1
bc41fec2cb8c43f526c2c94449a1d7bcbcd364a9

SHA256
e1a9840703907437fc308be5a971e7b90d5dc1e24d03ff9988112ddb89b48cb6

SHA512
d0db4aee90306f589ca27afd1a988aefbd444f2c25418c8d54697db858d36bf627e3a68a890dcfda85a31a24a171d0152dc4473095ccebb483b4e18c5b107ddd

Download Submit
memory/1760-60-0x00000293E2100000-0x00000293E2122000-memory.dmp

Filesize
136KB

Download
memory/2012-37-0x0000000000070000-0x000000000009C000-memory.dmp

Filesize
176KB

Download
memory/2012-39-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/2012-197-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-38-0x00000000006B0000-0x00000000006D8000-memory.dmp

Filesize
160KB

Download
memory/3472-36-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/3472-193-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/3472-33-0x0000000000E90000-0x0000000000EBE000-memory.dmp

Filesize
184KB

Download
memory/3684-0-0x00007FF8C10F3000-0x00007FF8C10F5000-memory.dmp

Filesize
8KB

Download
memory/3684-1-0x0000000000DE0000-0x00000000014FC000-memory.dmp

Filesize
7.1MB

Download