xworm | cdc90f38b71f0b982d87b2a911f2c1a2ca9939ec880ecfce7f5e6101669e483f

Analysis

max time kernel
77s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MoonXCrypter.exe
Size

7.1MB
MD5

8bd4830859e6d4ff593fd12689dd6c5f
SHA1

b32174b222cdd84854838d5b31796d8e05fc430d
SHA256

6bc29cb0c807de07a6d2b753691b03e13cb7b267ba4b24a3de567d65ab955207
SHA512

4546f43380be8e82d21bca9310769a7b18a7c6eac4cb3f2b39435bdf6c418cacb58706bb6db7ba770af54bb4dec5ee99e105528d5c165fad1bb26838532716d2
SSDEEP

98304:6jColtmW0fKeUzknPsi9rWlZroXKeWe54DzqGnl/Vxwt2camJ14lYWVDlx/BDyvq:6Plj0hUi9rWrQboqGnlNrS4lYqXJyi

Score

10^/10

xworm execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

EEarXqazEvX73BCq

Attributes

Install_directory
%AppData%
install_file
Chrome Update.exe
pastebin_url
https://pastebin.com/raw/RPPi3ByL

aes.plain

Signatures

Detect Xworm Payload 6 IoCs

resource	yara_rule
behavioral2/files/0x000c000000023b92-6.dat	family_xworm
behavioral2/files/0x0007000000023c94-17.dat	family_xworm
behavioral2/memory/1980-32-0x0000000000520000-0x000000000054C000-memory.dmp	family_xworm
behavioral2/memory/548-34-0x0000000000EF0000-0x0000000000F1E000-memory.dmp	family_xworm
behavioral2/files/0x0007000000023c95-36.dat	family_xworm
behavioral2/memory/3980-39-0x0000000000EE0000-0x0000000000F08000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4764	powershell.exe
3028	powershell.exe
1864	powershell.exe
1456	powershell.exe
2208	powershell.exe
1740	powershell.exe
1472	powershell.exe
4976	powershell.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	MoonXCrypter.exe

Drops startup file 6 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk	msedge.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk	OneDrive.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk	OneDrive.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk	Chrome Update.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Update.lnk	Chrome Update.exe

Executes dropped EXE 64 IoCs

pid	Process
548	msedge.exe
1980	Chrome Update.exe
3980	OneDrive.exe
1472	msedge.exe
1904	Chrome Update.exe
3556	OneDrive.exe
2616	msedge.exe
3264	Chrome Update.exe
3800	OneDrive.exe
2244	msedge.exe
4800	Chrome Update.exe
4196	OneDrive.exe
1692	msedge.exe
5064	Chrome Update.exe
628	OneDrive.exe
1644	msedge.exe
2736	Chrome Update.exe
4576	OneDrive.exe
844	msedge.exe
2452	Chrome Update.exe
2304	OneDrive.exe
3972	msedge.exe
4900	Chrome Update.exe
3588	OneDrive.exe
2572	msedge.exe
4476	Chrome Update.exe
4968	OneDrive.exe
3544	msedge.exe
4632	Chrome Update.exe
2612	OneDrive.exe
640	msedge.exe
4292	Chrome Update.exe
2000	OneDrive.exe
4040	msedge.exe
1428	Chrome Update.exe
2520	OneDrive.exe
3120	msedge.exe
2288	Chrome Update.exe
2652	OneDrive.exe
2884	msedge.exe
540	Chrome Update.exe
3508	OneDrive.exe
4772	msedge.exe
2104	Chrome Update.exe
2400	OneDrive.exe
2120	msedge.exe
4908	Chrome Update.exe
4456	OneDrive.exe
740	msedge.exe
3488	Chrome Update.exe
3828	OneDrive.exe
1256	msedge.exe
1004	Chrome Update.exe
632	OneDrive.exe
3596	msedge.exe
3628	Chrome Update.exe
924	OneDrive.exe
312	msedge.exe
4200	Chrome Update.exe
264	OneDrive.exe
3752	msedge.exe
4588	Chrome Update.exe
2784	OneDrive.exe
3900	msedge.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\ProgramData\\OneDrive.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chrome Update = "C:\\Users\\Admin\\AppData\\Roaming\\Chrome Update.exe"	Chrome Update.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
73	pastebin.com
75	pastebin.com
155	pastebin.com
177	pastebin.com
48	pastebin.com
42	pastebin.com
80	pastebin.com
82	pastebin.com
99	pastebin.com
109	pastebin.com
111	pastebin.com
163	pastebin.com
29	pastebin.com
173	pastebin.com
171	pastebin.com
158	pastebin.com
164	pastebin.com
174	pastebin.com
179	pastebin.com
137	pastebin.com
84	pastebin.com
81	pastebin.com
86	pastebin.com
89	pastebin.com
113	pastebin.com
52	pastebin.com
101	pastebin.com
103	pastebin.com
122	pastebin.com
134	pastebin.com
24	pastebin.com
62	pastebin.com
97	pastebin.com
100	pastebin.com
104	pastebin.com
112	pastebin.com
116	pastebin.com
167	pastebin.com
47	pastebin.com
139	pastebin.com
181	pastebin.com
15	pastebin.com
159	pastebin.com
32	pastebin.com
90	pastebin.com
150	pastebin.com
151	pastebin.com
156	pastebin.com
180	pastebin.com
20	pastebin.com
106	pastebin.com
130	pastebin.com
51	pastebin.com
108	pastebin.com
145	pastebin.com
175	pastebin.com
31	pastebin.com
30	pastebin.com
94	pastebin.com
136	pastebin.com
152	pastebin.com
153	pastebin.com
168	pastebin.com
16	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5060	schtasks.exe
4056	schtasks.exe
4932	schtasks.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3028	powershell.exe
3028	powershell.exe
1864	powershell.exe
1864	powershell.exe
1864	powershell.exe
3028	powershell.exe
1456	powershell.exe
1456	powershell.exe
1456	powershell.exe
2208	powershell.exe
2208	powershell.exe
2208	powershell.exe
1740	powershell.exe
1740	powershell.exe
1740	powershell.exe
1472	powershell.exe
1472	powershell.exe
4976	powershell.exe
4976	powershell.exe
1472	powershell.exe
4976	powershell.exe
4764	powershell.exe
4764	powershell.exe
4764	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1980	Chrome Update.exe
Token: SeDebugPrivilege	548	msedge.exe
Token: SeDebugPrivilege	3980	OneDrive.exe
Token: SeDebugPrivilege	1904	Chrome Update.exe
Token: SeDebugPrivilege	1472	msedge.exe
Token: SeDebugPrivilege	3556	OneDrive.exe
Token: SeDebugPrivilege	2616	msedge.exe
Token: SeDebugPrivilege	3800	OneDrive.exe
Token: SeDebugPrivilege	3264	Chrome Update.exe
Token: SeDebugPrivilege	2244	msedge.exe
Token: SeDebugPrivilege	4800	Chrome Update.exe
Token: SeDebugPrivilege	4196	OneDrive.exe
Token: SeDebugPrivilege	628	OneDrive.exe
Token: SeDebugPrivilege	5064	Chrome Update.exe
Token: SeDebugPrivilege	1692	msedge.exe
Token: SeDebugPrivilege	1644	msedge.exe
Token: SeDebugPrivilege	2736	Chrome Update.exe
Token: SeDebugPrivilege	4576	OneDrive.exe
Token: SeDebugPrivilege	844	msedge.exe
Token: SeDebugPrivilege	2452	Chrome Update.exe
Token: SeDebugPrivilege	2304	OneDrive.exe
Token: SeDebugPrivilege	3028	powershell.exe
Token: SeDebugPrivilege	1864	powershell.exe
Token: SeDebugPrivilege	4900	Chrome Update.exe
Token: SeDebugPrivilege	3972	msedge.exe
Token: SeDebugPrivilege	3588	OneDrive.exe
Token: SeDebugPrivilege	1456	powershell.exe
Token: SeDebugPrivilege	2572	msedge.exe
Token: SeDebugPrivilege	4476	Chrome Update.exe
Token: SeDebugPrivilege	4968	OneDrive.exe
Token: SeDebugPrivilege	3544	msedge.exe
Token: SeDebugPrivilege	4632	Chrome Update.exe
Token: SeDebugPrivilege	2612	OneDrive.exe
Token: SeDebugPrivilege	2208	powershell.exe
Token: SeDebugPrivilege	1740	powershell.exe
Token: SeDebugPrivilege	640	msedge.exe
Token: SeDebugPrivilege	4292	Chrome Update.exe
Token: SeDebugPrivilege	2000	OneDrive.exe
Token: SeDebugPrivilege	1428	Chrome Update.exe
Token: SeDebugPrivilege	4040	msedge.exe
Token: SeDebugPrivilege	2520	OneDrive.exe
Token: SeDebugPrivilege	1472	powershell.exe
Token: SeDebugPrivilege	4976	powershell.exe
Token: SeDebugPrivilege	3120	msedge.exe
Token: SeDebugPrivilege	2652	OneDrive.exe
Token: SeDebugPrivilege	2884	msedge.exe
Token: SeDebugPrivilege	540	Chrome Update.exe
Token: SeDebugPrivilege	3508	OneDrive.exe
Token: SeDebugPrivilege	4764	powershell.exe
Token: SeDebugPrivilege	4772	msedge.exe
Token: SeDebugPrivilege	2104	Chrome Update.exe
Token: SeDebugPrivilege	2400	OneDrive.exe
Token: SeDebugPrivilege	2120	msedge.exe
Token: SeDebugPrivilege	4908	Chrome Update.exe
Token: SeDebugPrivilege	4456	OneDrive.exe
Token: SeDebugPrivilege	740	msedge.exe
Token: SeDebugPrivilege	3488	Chrome Update.exe
Token: SeDebugPrivilege	3828	OneDrive.exe
Token: SeDebugPrivilege	1256	msedge.exe
Token: SeDebugPrivilege	1004	Chrome Update.exe
Token: SeDebugPrivilege	632	OneDrive.exe
Token: SeDebugPrivilege	3596	msedge.exe
Token: SeDebugPrivilege	3628	Chrome Update.exe
Token: SeDebugPrivilege	924	OneDrive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 548	3552	MoonXCrypter.exe	82
PID 3552 wrote to memory of 548	3552	MoonXCrypter.exe	82
PID 3552 wrote to memory of 1980	3552	MoonXCrypter.exe	83
PID 3552 wrote to memory of 1980	3552	MoonXCrypter.exe	83
PID 3552 wrote to memory of 3980	3552	MoonXCrypter.exe	84
PID 3552 wrote to memory of 3980	3552	MoonXCrypter.exe	84
PID 3552 wrote to memory of 3232	3552	MoonXCrypter.exe	85
PID 3552 wrote to memory of 3232	3552	MoonXCrypter.exe	85
PID 3232 wrote to memory of 1472	3232	MoonXCrypter.exe	86
PID 3232 wrote to memory of 1472	3232	MoonXCrypter.exe	86
PID 3232 wrote to memory of 1904	3232	MoonXCrypter.exe	87
PID 3232 wrote to memory of 1904	3232	MoonXCrypter.exe	87
PID 3232 wrote to memory of 3556	3232	MoonXCrypter.exe	88
PID 3232 wrote to memory of 3556	3232	MoonXCrypter.exe	88
PID 3232 wrote to memory of 4632	3232	MoonXCrypter.exe	89
PID 3232 wrote to memory of 4632	3232	MoonXCrypter.exe	89
PID 4632 wrote to memory of 2616	4632	MoonXCrypter.exe	90
PID 4632 wrote to memory of 2616	4632	MoonXCrypter.exe	90
PID 4632 wrote to memory of 3264	4632	MoonXCrypter.exe	91
PID 4632 wrote to memory of 3264	4632	MoonXCrypter.exe	91
PID 4632 wrote to memory of 3800	4632	MoonXCrypter.exe	92
PID 4632 wrote to memory of 3800	4632	MoonXCrypter.exe	92
PID 4632 wrote to memory of 2120	4632	MoonXCrypter.exe	93
PID 4632 wrote to memory of 2120	4632	MoonXCrypter.exe	93
PID 2120 wrote to memory of 2244	2120	MoonXCrypter.exe	94
PID 2120 wrote to memory of 2244	2120	MoonXCrypter.exe	94
PID 2120 wrote to memory of 4800	2120	MoonXCrypter.exe	95
PID 2120 wrote to memory of 4800	2120	MoonXCrypter.exe	95
PID 2120 wrote to memory of 4196	2120	MoonXCrypter.exe	96
PID 2120 wrote to memory of 4196	2120	MoonXCrypter.exe	96
PID 2120 wrote to memory of 404	2120	MoonXCrypter.exe	97
PID 2120 wrote to memory of 404	2120	MoonXCrypter.exe	97
PID 404 wrote to memory of 1692	404	MoonXCrypter.exe	98
PID 404 wrote to memory of 1692	404	MoonXCrypter.exe	98
PID 404 wrote to memory of 5064	404	MoonXCrypter.exe	99
PID 404 wrote to memory of 5064	404	MoonXCrypter.exe	99
PID 404 wrote to memory of 628	404	MoonXCrypter.exe	100
PID 404 wrote to memory of 628	404	MoonXCrypter.exe	100
PID 404 wrote to memory of 2652	404	MoonXCrypter.exe	148
PID 404 wrote to memory of 2652	404	MoonXCrypter.exe	148
PID 2652 wrote to memory of 1644	2652	MoonXCrypter.exe	102
PID 2652 wrote to memory of 1644	2652	MoonXCrypter.exe	102
PID 2652 wrote to memory of 2736	2652	MoonXCrypter.exe	103
PID 2652 wrote to memory of 2736	2652	MoonXCrypter.exe	103
PID 2652 wrote to memory of 4576	2652	MoonXCrypter.exe	104
PID 2652 wrote to memory of 4576	2652	MoonXCrypter.exe	104
PID 2652 wrote to memory of 3928	2652	MoonXCrypter.exe	105
PID 2652 wrote to memory of 3928	2652	MoonXCrypter.exe	105
PID 1980 wrote to memory of 3028	1980	Chrome Update.exe	106
PID 1980 wrote to memory of 3028	1980	Chrome Update.exe	106
PID 3928 wrote to memory of 844	3928	MoonXCrypter.exe	108
PID 3928 wrote to memory of 844	3928	MoonXCrypter.exe	108
PID 3980 wrote to memory of 1864	3980	OneDrive.exe	109
PID 3980 wrote to memory of 1864	3980	OneDrive.exe	109
PID 3928 wrote to memory of 2452	3928	MoonXCrypter.exe	110
PID 3928 wrote to memory of 2452	3928	MoonXCrypter.exe	110
PID 3928 wrote to memory of 2304	3928	MoonXCrypter.exe	179
PID 3928 wrote to memory of 2304	3928	MoonXCrypter.exe	179
PID 3928 wrote to memory of 1680	3928	MoonXCrypter.exe	113
PID 3928 wrote to memory of 1680	3928	MoonXCrypter.exe	113
PID 1680 wrote to memory of 3972	1680	MoonXCrypter.exe	114
PID 1680 wrote to memory of 3972	1680	MoonXCrypter.exe	114
PID 1680 wrote to memory of 4900	1680	MoonXCrypter.exe	115
PID 1680 wrote to memory of 4900	1680	MoonXCrypter.exe	115

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
"C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Local\Temp\msedge.exe
  "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:548
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "msedge" /tr "C:\Users\Admin\AppData\Roaming\msedge.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5060
- C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
  "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1980
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3028
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1472
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Chrome Update.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4764
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
  "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3980
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1864
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1456
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1740
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'OneDrive.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4976
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "OneDrive" /tr "C:\ProgramData\OneDrive.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4056
- C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
  "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3232
- - C:\Users\Admin\AppData\Local\Temp\msedge.exe
    "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
    "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
    "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3556
- - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
    "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\msedge.exe
      "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
      "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
      "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
      "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        7⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        8⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        9⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        10⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        11⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        12⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        13⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        14⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        14⤵
        Checks computer location settings
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        15⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        16⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        17⤵
        Checks computer location settings
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        18⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        19⤵
        Checks computer location settings
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        20⤵
        Checks computer location settings
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        21⤵
        Executes dropped EXE
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        21⤵
        Executes dropped EXE
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        21⤵
        Executes dropped EXE
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        21⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        22⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        22⤵
        Executes dropped EXE
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        22⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        22⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        23⤵
        Executes dropped EXE
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        23⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        23⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        23⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        24⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        24⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        24⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        24⤵
        Checks computer location settings
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        25⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        25⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        25⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        25⤵
        Checks computer location settings
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        26⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        26⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        26⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        26⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        27⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        27⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        27⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        27⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        28⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        28⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        28⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        28⤵
        Checks computer location settings
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        29⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        29⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        29⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        29⤵
        Checks computer location settings
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        30⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        30⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        30⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        30⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        31⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        31⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        31⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        31⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        32⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        32⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        32⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        32⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        33⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        33⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        33⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        33⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        34⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        34⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        34⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        34⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        35⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        35⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        35⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        35⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        36⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        36⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        36⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        36⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        37⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        37⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        37⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        37⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        38⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        38⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        38⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        38⤵
        Checks computer location settings
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        39⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        39⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        39⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        39⤵
        Checks computer location settings
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        40⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        40⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        40⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        40⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        41⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        41⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        41⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        41⤵
        Checks computer location settings
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        42⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        42⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        42⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        42⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        43⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        43⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        43⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        43⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        44⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        44⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        44⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        44⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        45⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        45⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        45⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        45⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        46⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        46⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        46⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        46⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        47⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        47⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        47⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        47⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        48⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        48⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        48⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        48⤵
        Checks computer location settings
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        49⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        49⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        49⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        49⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        50⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        50⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        50⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        50⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        51⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        51⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        51⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        51⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        52⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        52⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        52⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        52⤵
        Checks computer location settings
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        53⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        53⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        53⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        53⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        54⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        54⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        54⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        54⤵
        Checks computer location settings
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        55⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        55⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        55⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        55⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        56⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        56⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        56⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        56⤵
        Checks computer location settings
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        57⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        57⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        57⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        57⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        58⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        58⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        58⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        58⤵
        Checks computer location settings
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        59⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        59⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        59⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        59⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        60⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        60⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        60⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        60⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        61⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        61⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        61⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        61⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        62⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        62⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        62⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        62⤵
        Checks computer location settings
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        63⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        63⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        63⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        63⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        64⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        64⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        64⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        64⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        65⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        65⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        65⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        65⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        66⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        66⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        66⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        66⤵
        Checks computer location settings
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        67⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        67⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        67⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        67⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        68⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        68⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        68⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        68⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        69⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        69⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        69⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        69⤵
        Checks computer location settings
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        70⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        70⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        70⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        70⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        71⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        71⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        71⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        71⤵
        Checks computer location settings
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        72⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        72⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        72⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        72⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        73⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        73⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        73⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        73⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        74⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        74⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        74⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        74⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        75⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        75⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        75⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        75⤵
        Checks computer location settings
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        76⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        76⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        76⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        76⤵
        Checks computer location settings
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        77⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        77⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        77⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        77⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        78⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        78⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        78⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        78⤵
        Checks computer location settings
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        79⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        79⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        79⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        79⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        80⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        80⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        80⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        80⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        81⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        81⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        81⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        81⤵
        Checks computer location settings
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        82⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        82⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        82⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        82⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        83⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        83⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        83⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        83⤵
        Checks computer location settings
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        84⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        84⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        84⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        84⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        85⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        85⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        85⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        85⤵
        Checks computer location settings
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        86⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        86⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        86⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        86⤵
        Checks computer location settings
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        87⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        87⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        87⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        87⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        88⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        88⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        88⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        88⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        89⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        89⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        89⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        89⤵
        Checks computer location settings
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        90⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        90⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        90⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        90⤵
        Checks computer location settings
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        91⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        91⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        91⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        91⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        92⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        92⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        92⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        92⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        93⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        93⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        93⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        93⤵
        Checks computer location settings
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        94⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        94⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        94⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        94⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        95⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        95⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        95⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        95⤵
        Checks computer location settings
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        96⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        96⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        96⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        96⤵
        Checks computer location settings
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        97⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        97⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        97⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        97⤵
        Checks computer location settings
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        98⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        98⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        98⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        98⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        99⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        99⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        99⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        99⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        100⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        100⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        100⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        100⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        101⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        101⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        101⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        101⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        102⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        102⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        102⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        102⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        103⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        103⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        103⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        103⤵
        Checks computer location settings
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        104⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        104⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        104⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        104⤵
        Checks computer location settings
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        105⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        105⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        105⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        105⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        106⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        106⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        106⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        106⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        107⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        107⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        107⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        107⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        108⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        108⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        108⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        108⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        109⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        109⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        109⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        109⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        110⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        110⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        110⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        110⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        111⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        111⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        111⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        111⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        112⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        112⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        112⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        112⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        113⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        113⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        113⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        113⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        114⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        114⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        114⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        114⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        115⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        115⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        115⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        115⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        116⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        116⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        116⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        116⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        117⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        117⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        117⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        117⤵
        Checks computer location settings
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        118⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        118⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        118⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        118⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        119⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        119⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        119⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        119⤵
        Checks computer location settings
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        120⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        120⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        120⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        120⤵
        Checks computer location settings
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        121⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        121⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        121⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        121⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        122⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        122⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        122⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        122⤵
        Checks computer location settings
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        123⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        123⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        123⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        123⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        124⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        124⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        124⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        124⤵
        Checks computer location settings
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        125⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        125⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        125⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        125⤵
        Checks computer location settings
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        126⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        126⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        126⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        126⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        127⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        127⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        127⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        127⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        128⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        128⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        128⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        128⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        129⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        129⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        129⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        129⤵
        Checks computer location settings
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        130⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        130⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        130⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        130⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        131⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        131⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        131⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        131⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        132⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        132⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        132⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        132⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        133⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        133⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        133⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        133⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        134⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        134⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        134⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        134⤵
        Checks computer location settings
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        135⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        135⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        135⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        135⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        136⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        136⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        136⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        136⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        137⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        137⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        137⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        137⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        138⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        138⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        138⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        138⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        139⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        139⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        139⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        139⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        140⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        140⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        140⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        140⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        141⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        141⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        141⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        141⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        142⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        142⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        142⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        142⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        143⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        143⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        143⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        143⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        144⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        144⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        144⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        144⤵
        Checks computer location settings
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        145⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        145⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        145⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        145⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        146⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        146⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        146⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        146⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        147⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        147⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        147⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        147⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        148⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        148⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        148⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        148⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        149⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        149⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        149⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        149⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        150⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        150⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        150⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        150⤵
        Checks computer location settings
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        151⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        151⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        151⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        151⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        152⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        152⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        152⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        152⤵
        Checks computer location settings
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        153⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        153⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        153⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        153⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        154⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        154⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        154⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        154⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        155⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        155⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        155⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        155⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        156⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        156⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        156⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        156⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        157⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        157⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        157⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        157⤵
        Checks computer location settings
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        158⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        158⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        158⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        158⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        159⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        159⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        159⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        159⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        160⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        160⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        160⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        160⤵
        Checks computer location settings
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        161⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        161⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        161⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        161⤵
        Checks computer location settings
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        162⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        162⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        162⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        162⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        163⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        163⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        163⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        163⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        164⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        164⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        164⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        164⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        165⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        165⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        165⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        165⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        166⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        166⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        166⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        166⤵
        Checks computer location settings
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        167⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        167⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        167⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        167⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        168⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        168⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        168⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        168⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        169⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        169⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        169⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        169⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        170⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        170⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        170⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        170⤵
        Checks computer location settings
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        171⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        171⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        171⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        171⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        172⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        172⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        172⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        172⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        173⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        173⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        173⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        173⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        174⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        174⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        174⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        174⤵
        Checks computer location settings
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        175⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        175⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        175⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        175⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        176⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        176⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        176⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        176⤵
        Checks computer location settings
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        177⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        177⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        177⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        177⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        178⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        178⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        178⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        178⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        179⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        179⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        179⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        179⤵
        Checks computer location settings
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        180⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        180⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        180⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        180⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        181⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        181⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        181⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        181⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        182⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        182⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        182⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        182⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        183⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        183⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        183⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        183⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        184⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        184⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        184⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        184⤵
        Checks computer location settings
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        185⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        185⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        185⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        185⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        186⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        186⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        186⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        186⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        187⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        187⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        187⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        187⤵
        Checks computer location settings
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        188⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        188⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        188⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        188⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        189⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        189⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        189⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        189⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        190⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        190⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        190⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        190⤵
        Checks computer location settings
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        191⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        191⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        191⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        191⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        192⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        192⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        192⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        192⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        193⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        193⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        193⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        193⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        194⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        194⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        194⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        194⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        195⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        195⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        195⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        195⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        196⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        196⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        196⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        196⤵
        Checks computer location settings
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        197⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        197⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        197⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        197⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        198⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        198⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        198⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        198⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        199⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        199⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        199⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        199⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        200⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        200⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        200⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        200⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        201⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        201⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        201⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        201⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        202⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        202⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        202⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        202⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        203⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        203⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        203⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        203⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        204⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        204⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        204⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        204⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        205⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        205⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        205⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        205⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        206⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        206⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        206⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        206⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        207⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        207⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        207⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        207⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        208⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        208⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        208⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        208⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        209⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        209⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        209⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        209⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        210⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        210⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        210⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        210⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        211⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        211⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        211⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        211⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        212⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        212⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        212⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        212⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        213⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        213⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        213⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        213⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        214⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        214⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        214⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        214⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        215⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        215⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        215⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        215⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        216⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        216⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        216⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        216⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        217⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        217⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        217⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        217⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        218⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        218⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        218⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        218⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        219⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        219⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        219⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        219⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        220⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        220⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        220⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        220⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        221⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        221⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        221⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        221⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        222⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        222⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        222⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        222⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        223⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        223⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        223⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        223⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        224⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        224⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        224⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        224⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        225⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        225⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        225⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        225⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        226⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        226⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        226⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        226⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        227⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        227⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        227⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        227⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        228⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        228⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        228⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        228⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        229⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        229⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        229⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        229⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        230⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        230⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        230⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        230⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        231⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        231⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        231⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        231⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        232⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        232⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        232⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        232⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        233⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        233⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        233⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        233⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        234⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        234⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        234⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        234⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        235⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        235⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        235⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        235⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        236⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        236⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        236⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        236⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        237⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        237⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        237⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        237⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        238⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        238⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        238⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        238⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        239⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        239⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        239⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        239⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        240⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        240⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        240⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        240⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        241⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        241⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        241⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        241⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        242⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        242⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        242⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        242⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        243⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        243⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        243⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        243⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        244⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        244⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        244⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        244⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        245⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        245⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        245⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        245⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        246⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        246⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        246⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        246⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        247⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        247⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        247⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        247⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        248⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        248⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        248⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        248⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        249⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        249⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        249⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        249⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        250⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        250⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        250⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        250⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        251⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        251⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        251⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        251⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        252⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        252⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\OneDrive.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneDrive.exe"
        252⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MoonXCrypter.exe"
        252⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\msedge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
        253⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe"
        253⤵
        
        PID:2072

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 0018c11735d0bd744cb8d7c6b05a90b7 JciWA0wiNkW/O3Fxw2azEg.0.1.0.0.0
1⤵
PID:5040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:264

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:4964

C:\ProgramData\OneDrive.exe
C:\ProgramData\OneDrive.exe
1⤵
PID:1324

C:\Users\Admin\AppData\Roaming\msedge.exe
C:\Users\Admin\AppData\Roaming\msedge.exe
1⤵
PID:4436

C:\Users\Admin\AppData\Roaming\Chrome Update.exe
"C:\Users\Admin\AppData\Roaming\Chrome Update.exe"
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MoonXCrypter.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
a43e653ffb5ab07940f4bdd9cc8fade4

SHA1
af43d04e3427f111b22dc891c5c7ee8a10ac4123

SHA256
c4c53abb13e99475aebfbe9fec7a8fead81c14c80d9dcc2b81375304f3a683fe

SHA512
62a97e95e1f19a8d4302847110dae44f469877eed6aa8ea22345c6eb25ee220e7d310fa0b7ec5df42356815421c0af7c46a0f1fee8933cc446641800eda6cd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
dd1d0b083fedf44b482a028fb70b96e8

SHA1
dc9c027937c9f6d52268a1504cbae42a39c8d36a

SHA256
cab7944d29e0501dc0db904ac460ca7a87700e0ec7eb62298b7b97cbf40c424c

SHA512
96bec38bfda176292ae65dcf735103e7888baa212038737c1d1e215fcb76e4c0355e4a827a1934303e7aecae91012fa412f13e38f382b732758bae985cc67973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
ee9f1be5d4d351a5c376b370adcf0eea

SHA1
1779cecfb13c6a2f0f2813ae65d0d91ebdcf5583

SHA256
70600f0f93bca5f0548bfe5503513caadda31cbcd14dc007824b0925a8626e4b

SHA512
fda7345f64a6352e99bb3f5d94e58751a71d45a27147f60da32d12ff0307dbe416f482f1b9950e52ce63cbb5f0e5c1647f72dbb7a05c5419ccd8b7980ea86754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
76692775e4781f0c9f0092f5804cfdb1

SHA1
6740e4e4110028c62282ee1e7eb8be576a2bc23a

SHA256
0c451ff3823450d544066237cbfb08556b7ca36c4a0ea085055f69ab35795b00

SHA512
6e0731e3736594d9e86da2fc33e08a663f29100074cc8d46e2716123c946b9eb150c804c7cf8428cac631e1cff984663d41ce3b5e1e77965bd8e2ecf0742af34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Chrome Update.exe

Filesize
152KB

MD5
16cdd301591c6af35a03cd18caee2e59

SHA1
92c6575b57eac309c8664d4ac76d87f2906e8ef3

SHA256
11d55ac2f9070a70d12f760e9a6ee75136eca4bf711042acc25828ddda3582c8

SHA512
a44402e5e233cb983f7cfd9b81bc542a08d8092ffa4bd970fc25fe112355643506d5dfee0dd76f2e79b983df0fde67bfc50aabb477492a7596e38081e4083476

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneDrive.exe

Filesize
140KB

MD5
a1cd6f4a3a37ed83515aa4752f98eb1d

SHA1
7f787c8d72787d8d130b4788b006b799167d1802

SHA256
5cbcc0a0c1d74cd54ac999717b0ff0607fe6ed02cca0a3e0433dd94783cfec65

SHA512
9489287e0b4925345fee05fe2f6e6f12440af1425ef397145e32e6f80c7ae98b530e42002d92dc156643f9829bc8a3b969e855cecd2265b6616c4514eed00355

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1sc0ntaj.wdq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge.exe

Filesize
166KB

MD5
a06b97d6bd4489c5632d17e968a71103

SHA1
bc41fec2cb8c43f526c2c94449a1d7bcbcd364a9

SHA256
e1a9840703907437fc308be5a971e7b90d5dc1e24d03ff9988112ddb89b48cb6

SHA512
d0db4aee90306f589ca27afd1a988aefbd444f2c25418c8d54697db858d36bf627e3a68a890dcfda85a31a24a171d0152dc4473095ccebb483b4e18c5b107ddd

Download Submit
memory/548-34-0x0000000000EF0000-0x0000000000F1E000-memory.dmp

Filesize
184KB

Download
memory/548-35-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/548-106-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/548-193-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/548-199-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/1864-69-0x000001DDE58E0000-0x000001DDE5902000-memory.dmp

Filesize
136KB

Download
memory/1980-37-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/1980-32-0x0000000000520000-0x000000000054C000-memory.dmp

Filesize
176KB

Download
memory/1980-198-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/1980-200-0x00007FFB29E60000-0x00007FFB2A921000-memory.dmp

Filesize
10.8MB

Download
memory/3552-0-0x00007FFB29E63000-0x00007FFB29E65000-memory.dmp

Filesize
8KB

Download
memory/3552-1-0x0000000000F10000-0x000000000162C000-memory.dmp

Filesize
7.1MB

Download
memory/3980-39-0x0000000000EE0000-0x0000000000F08000-memory.dmp

Filesize
160KB

Download