xworm | a23fdeddb683f716be744ef3fe9a8ce2c87b02f5e5c1f6c8bdb70881de528304

Analysis

max time kernel
55s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe
Size

707KB
MD5

96c50f871ceb7ee1a0b41dcca8da5c01
SHA1

d8946f0af6156c6f69895a2808734d2696660ada
SHA256

cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db
SHA512

0ac872561e55a4c2cea0cd6aab965637b4ee6945552aee0a9b1e28ba338d065f98e782e433f7e3ccd464f18bc2ba14307b453ab2b3de8172a7f186018008802e
SSDEEP

12288:9Yxg7plFfjTt/iCiUjM2CiRxNvRJdo/G20F2ilcVeaeW52VJ9GkwPhc:9YKp/jR6Cix2PnNRY+20F2jVEwkw5c

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral16/files/0x0005000000022f2f-6.dat	family_xworm
behavioral16/memory/4192-23-0x0000000000880000-0x0000000000892000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation	Output.exe

Executes dropped EXE 64 IoCs

pid	Process
4192	XClient.exe
4908	Output.exe
4956	XClient.exe
4916	Output.exe
5212	XClient.exe
3416	Output.exe
444	XClient.exe
3120	Output.exe
3532	XClient.exe
5088	Output.exe
1656	XClient.exe
4072	Output.exe
1332	XClient.exe
940	Output.exe
5840	XClient.exe
3668	Output.exe
1080	XClient.exe
5104	Output.exe
4772	XClient.exe
548	Output.exe
4784	XClient.exe
2356	Output.exe
1084	XClient.exe
2852	Output.exe
4108	XClient.exe
5900	Output.exe
1428	XClient.exe
552	Output.exe
4204	XClient.exe
3504	Output.exe
4664	XClient.exe
2748	Output.exe
5760	XClient.exe
6108	Output.exe
5608	XClient.exe
1264	Output.exe
224	XClient.exe
1320	Output.exe
2996	XClient.exe
4620	Output.exe
5696	XClient.exe
2860	Output.exe
2212	XClient.exe
5556	Output.exe
3116	XClient.exe
2884	Output.exe
1716	XClient.exe
4260	Output.exe
5724	XClient.exe
4872	Output.exe
1468	XClient.exe
3292	Output.exe
4908	XClient.exe
528	Output.exe
1464	XClient.exe
2136	Output.exe
3120	XClient.exe
464	Output.exe
4356	XClient.exe
4304	Output.exe
4644	XClient.exe
1512	Output.exe
5016	XClient.exe
1684	Output.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4192	XClient.exe
Token: SeDebugPrivilege	4956	XClient.exe
Token: SeDebugPrivilege	5212	XClient.exe
Token: SeDebugPrivilege	444	XClient.exe
Token: SeDebugPrivilege	3532	XClient.exe
Token: SeDebugPrivilege	1656	XClient.exe
Token: SeDebugPrivilege	1332	XClient.exe
Token: SeDebugPrivilege	5840	XClient.exe
Token: SeDebugPrivilege	1080	XClient.exe
Token: SeDebugPrivilege	4772	XClient.exe
Token: SeDebugPrivilege	4784	XClient.exe
Token: SeDebugPrivilege	1084	XClient.exe
Token: SeDebugPrivilege	4108	XClient.exe
Token: SeDebugPrivilege	1428	XClient.exe
Token: SeDebugPrivilege	4204	XClient.exe
Token: SeDebugPrivilege	4664	XClient.exe
Token: SeDebugPrivilege	5760	XClient.exe
Token: SeDebugPrivilege	5608	XClient.exe
Token: SeDebugPrivilege	224	XClient.exe
Token: SeDebugPrivilege	2996	XClient.exe
Token: SeDebugPrivilege	5696	XClient.exe
Token: SeDebugPrivilege	2212	XClient.exe
Token: SeDebugPrivilege	3116	XClient.exe
Token: SeDebugPrivilege	1716	XClient.exe
Token: SeDebugPrivilege	5724	XClient.exe
Token: SeDebugPrivilege	1468	XClient.exe
Token: SeDebugPrivilege	4908	XClient.exe
Token: SeDebugPrivilege	1464	XClient.exe
Token: SeDebugPrivilege	3120	XClient.exe
Token: SeDebugPrivilege	4356	XClient.exe
Token: SeDebugPrivilege	4644	XClient.exe
Token: SeDebugPrivilege	5016	XClient.exe
Token: SeDebugPrivilege	4480	XClient.exe
Token: SeDebugPrivilege	5312	XClient.exe
Token: SeDebugPrivilege	1628	XClient.exe
Token: SeDebugPrivilege	4824	XClient.exe
Token: SeDebugPrivilege	2144	XClient.exe
Token: SeDebugPrivilege	1320	XClient.exe
Token: SeDebugPrivilege	1860	XClient.exe
Token: SeDebugPrivilege	2192	XClient.exe
Token: SeDebugPrivilege	228	XClient.exe
Token: SeDebugPrivilege	4532	XClient.exe
Token: SeDebugPrivilege	4968	XClient.exe
Token: SeDebugPrivilege	4484	XClient.exe
Token: SeDebugPrivilege	5840	XClient.exe
Token: SeDebugPrivilege	3884	XClient.exe
Token: SeDebugPrivilege	4068	XClient.exe
Token: SeDebugPrivilege	1484	XClient.exe
Token: SeDebugPrivilege	3668	XClient.exe
Token: SeDebugPrivilege	5104	XClient.exe
Token: SeDebugPrivilege	3640	XClient.exe
Token: SeDebugPrivilege	4812	XClient.exe
Token: SeDebugPrivilege	4180	XClient.exe
Token: SeDebugPrivilege	5988	XClient.exe
Token: SeDebugPrivilege	4016	XClient.exe
Token: SeDebugPrivilege	1092	XClient.exe
Token: SeDebugPrivilege	3780	XClient.exe
Token: SeDebugPrivilege	2964	XClient.exe
Token: SeDebugPrivilege	4548	XClient.exe
Token: SeDebugPrivilege	4992	XClient.exe
Token: SeDebugPrivilege	5804	XClient.exe
Token: SeDebugPrivilege	3964	XClient.exe
Token: SeDebugPrivilege	3396	XClient.exe
Token: SeDebugPrivilege	3048	XClient.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 4192	3964	cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe	86
PID 3964 wrote to memory of 4192	3964	cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe	86
PID 3964 wrote to memory of 4908	3964	cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe	87
PID 3964 wrote to memory of 4908	3964	cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe	87
PID 4908 wrote to memory of 4956	4908	Output.exe	88
PID 4908 wrote to memory of 4956	4908	Output.exe	88
PID 4908 wrote to memory of 4916	4908	Output.exe	89
PID 4908 wrote to memory of 4916	4908	Output.exe	89
PID 4916 wrote to memory of 5212	4916	Output.exe	90
PID 4916 wrote to memory of 5212	4916	Output.exe	90
PID 4916 wrote to memory of 3416	4916	Output.exe	91
PID 4916 wrote to memory of 3416	4916	Output.exe	91
PID 3416 wrote to memory of 444	3416	Output.exe	92
PID 3416 wrote to memory of 444	3416	Output.exe	92
PID 3416 wrote to memory of 3120	3416	Output.exe	93
PID 3416 wrote to memory of 3120	3416	Output.exe	93
PID 3120 wrote to memory of 3532	3120	Output.exe	94
PID 3120 wrote to memory of 3532	3120	Output.exe	94
PID 3120 wrote to memory of 5088	3120	Output.exe	95
PID 3120 wrote to memory of 5088	3120	Output.exe	95
PID 5088 wrote to memory of 1656	5088	Output.exe	96
PID 5088 wrote to memory of 1656	5088	Output.exe	96
PID 5088 wrote to memory of 4072	5088	Output.exe	97
PID 5088 wrote to memory of 4072	5088	Output.exe	97
PID 4072 wrote to memory of 1332	4072	Output.exe	98
PID 4072 wrote to memory of 1332	4072	Output.exe	98
PID 4072 wrote to memory of 940	4072	Output.exe	99
PID 4072 wrote to memory of 940	4072	Output.exe	99
PID 940 wrote to memory of 5840	940	Output.exe	100
PID 940 wrote to memory of 5840	940	Output.exe	100
PID 940 wrote to memory of 3668	940	Output.exe	101
PID 940 wrote to memory of 3668	940	Output.exe	101
PID 3668 wrote to memory of 1080	3668	Output.exe	102
PID 3668 wrote to memory of 1080	3668	Output.exe	102
PID 3668 wrote to memory of 5104	3668	Output.exe	103
PID 3668 wrote to memory of 5104	3668	Output.exe	103
PID 5104 wrote to memory of 4772	5104	Output.exe	104
PID 5104 wrote to memory of 4772	5104	Output.exe	104
PID 5104 wrote to memory of 548	5104	Output.exe	105
PID 5104 wrote to memory of 548	5104	Output.exe	105
PID 548 wrote to memory of 4784	548	Output.exe	106
PID 548 wrote to memory of 4784	548	Output.exe	106
PID 548 wrote to memory of 2356	548	Output.exe	107
PID 548 wrote to memory of 2356	548	Output.exe	107
PID 2356 wrote to memory of 1084	2356	Output.exe	108
PID 2356 wrote to memory of 1084	2356	Output.exe	108
PID 2356 wrote to memory of 2852	2356	Output.exe	109
PID 2356 wrote to memory of 2852	2356	Output.exe	109
PID 2852 wrote to memory of 4108	2852	Output.exe	110
PID 2852 wrote to memory of 4108	2852	Output.exe	110
PID 2852 wrote to memory of 5900	2852	Output.exe	111
PID 2852 wrote to memory of 5900	2852	Output.exe	111
PID 5900 wrote to memory of 1428	5900	Output.exe	112
PID 5900 wrote to memory of 1428	5900	Output.exe	112
PID 5900 wrote to memory of 552	5900	Output.exe	113
PID 5900 wrote to memory of 552	5900	Output.exe	113
PID 552 wrote to memory of 4204	552	Output.exe	114
PID 552 wrote to memory of 4204	552	Output.exe	114
PID 552 wrote to memory of 3504	552	Output.exe	115
PID 552 wrote to memory of 3504	552	Output.exe	115
PID 3504 wrote to memory of 4664	3504	Output.exe	116
PID 3504 wrote to memory of 4664	3504	Output.exe	116
PID 3504 wrote to memory of 2748	3504	Output.exe	117
PID 3504 wrote to memory of 2748	3504	Output.exe	117

C:\Users\Admin\AppData\Local\Temp\cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe
"C:\Users\Admin\AppData\Local\Temp\cef4f0409df2a015e20411fdf8317582dc6ed5f56993dd0122b8006cd695c1db.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Users\Admin\AppData\Roaming\XClient.exe
  "C:\Users\Admin\AppData\Roaming\XClient.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4192
- C:\Users\Admin\AppData\Roaming\Output.exe
  "C:\Users\Admin\AppData\Roaming\Output.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Roaming\XClient.exe
    "C:\Users\Admin\AppData\Roaming\XClient.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4956
- - C:\Users\Admin\AppData\Roaming\Output.exe
    "C:\Users\Admin\AppData\Roaming\Output.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4916
  - - C:\Users\Admin\AppData\Roaming\XClient.exe
      "C:\Users\Admin\AppData\Roaming\XClient.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5212
  - - C:\Users\Admin\AppData\Roaming\Output.exe
      "C:\Users\Admin\AppData\Roaming\Output.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3416
    - - C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:444
    - - C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3120
      - C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3532
      - C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5088
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1656
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1332
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:940
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5840
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3668
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1080
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5104
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4772
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:548
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4784
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2356
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1084
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2852
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5900
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1428
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:552
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3504
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4664
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        17⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5760
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        18⤵
        Executes dropped EXE
        
        PID:6108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5608
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        19⤵
        Executes dropped EXE
        
        PID:1264
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:224
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        20⤵
        Executes dropped EXE
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        21⤵
        Executes dropped EXE
        
        PID:4620
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5696
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        22⤵
        Executes dropped EXE
        
        PID:2860
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2212
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5556
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3116
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2884
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1716
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        25⤵
        Executes dropped EXE
        
        PID:4260
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5724
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        26⤵
        Executes dropped EXE
        
        PID:4872
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        27⤵
        Executes dropped EXE
        
        PID:3292
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:528
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1464
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        29⤵
        Executes dropped EXE
        
        PID:2136
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3120
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        30⤵
        Executes dropped EXE
        
        PID:464
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        31⤵
        Executes dropped EXE
        
        PID:4304
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4644
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        32⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5016
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        33⤵
        Executes dropped EXE
        
        PID:1684
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4480
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        34⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5312
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        35⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1628
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        36⤵
        Checks computer location settings
        
        PID:5052
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4824
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        37⤵
        Checks computer location settings
        
        PID:392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        38⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        39⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1860
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        40⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2192
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        41⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        42⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4532
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        43⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4968
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        44⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        45⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4484
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        45⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5840
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        46⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3884
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        47⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        48⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1484
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        49⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        50⤵
        Checks computer location settings
        
        PID:4304
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        51⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5104
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        51⤵
        Checks computer location settings
        
        PID:3836
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3640
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        52⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        53⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4812
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        53⤵
        Checks computer location settings
        
        PID:2204
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        54⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        55⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        55⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        56⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        57⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1092
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        57⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        58⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3780
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        58⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2964
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        59⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        60⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4548
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        60⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4992
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        61⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5804
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        62⤵
        Checks computer location settings
        
        PID:1784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        63⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        63⤵
        Checks computer location settings
        
        PID:4168
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3396
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        64⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3048
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        65⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        66⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        66⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        67⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        67⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        68⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        68⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        69⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        69⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        70⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        70⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        71⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        71⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        72⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        72⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        73⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        73⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        74⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        74⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        75⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        75⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        76⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        76⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        77⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        77⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        78⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        78⤵
        Checks computer location settings
        
        PID:5452
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        79⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        79⤵
        Checks computer location settings
        
        PID:4612
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        80⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        80⤵
        Checks computer location settings
        
        PID:5008
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        81⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        81⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        82⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        82⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        83⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        83⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        84⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        84⤵
        Checks computer location settings
        
        PID:1660
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        85⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        85⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        86⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        86⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        87⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        87⤵
        Checks computer location settings
        
        PID:5648
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        88⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        88⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        89⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        89⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        90⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        90⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        91⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        91⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        92⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        92⤵
        Checks computer location settings
        
        PID:4088
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        93⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        93⤵
        Checks computer location settings
        
        PID:2264
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        94⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        94⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        95⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        95⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        96⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        96⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        97⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        97⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        98⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        98⤵
        Checks computer location settings
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        99⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        99⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        100⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        100⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        101⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        101⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        102⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        102⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        103⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        103⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        104⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        104⤵
        Checks computer location settings
        
        PID:3976
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        105⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        105⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        106⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        106⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        107⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        107⤵
        Checks computer location settings
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        108⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        108⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        109⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        109⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        110⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        110⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        111⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        111⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        112⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        112⤵
        Checks computer location settings
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        113⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        113⤵
        Checks computer location settings
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        114⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        114⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        115⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        115⤵
        Checks computer location settings
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        116⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        116⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        117⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        117⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        118⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        118⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        119⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        119⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        120⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        120⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        121⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        121⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        122⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        122⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        123⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        123⤵
        Checks computer location settings
        
        PID:3400
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        124⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        124⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        125⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        125⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        126⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        126⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        127⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        127⤵
        Checks computer location settings
        
        PID:1056
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        128⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        128⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        129⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        129⤵
        Checks computer location settings
        
        PID:4780
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        130⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        130⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        131⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        131⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        132⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        132⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        133⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        133⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        134⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        134⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        135⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        135⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        136⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        136⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        137⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        137⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        138⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        138⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        139⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        139⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        140⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        140⤵
        Checks computer location settings
        
        PID:4956
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        141⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        141⤵
        Checks computer location settings
        
        PID:2852
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        142⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        142⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        143⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        143⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        144⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        144⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        145⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        145⤵
        Checks computer location settings
        
        PID:4148
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        146⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        146⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        147⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        147⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        148⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        148⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        149⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        149⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        150⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        150⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        151⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        151⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        152⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        152⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        153⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        153⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        154⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        154⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        155⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        155⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        156⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        156⤵
        Checks computer location settings
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        157⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        157⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        158⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        158⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        159⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        159⤵
        Checks computer location settings
        
        PID:2852
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        160⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        160⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        161⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        161⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        162⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        162⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        163⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        163⤵
        Checks computer location settings
        
        PID:552
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        164⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        164⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        165⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        165⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        166⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        166⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        167⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        167⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        168⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        168⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        169⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        169⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        170⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        170⤵
        Checks computer location settings
        
        PID:3688
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        171⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        171⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        172⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        172⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        173⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        173⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        174⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        174⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        175⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        175⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        176⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        176⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        177⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        177⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        178⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        178⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        179⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        179⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        180⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        180⤵
        Checks computer location settings
        
        PID:1252
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        181⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        181⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        182⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        182⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        183⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        183⤵
        Checks computer location settings
        
        PID:3236
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        184⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        184⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        185⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        185⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        186⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        186⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        187⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        187⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        188⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        188⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        189⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        189⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        190⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        190⤵
        Checks computer location settings
        
        PID:5412
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        191⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        191⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        192⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        192⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        193⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        193⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        194⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        194⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        195⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        195⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        196⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        196⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        197⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        197⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        198⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        198⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        199⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        199⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        200⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        200⤵
        Checks computer location settings
        
        PID:5092
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        201⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        201⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        202⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        202⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        203⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        203⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        204⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        204⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        205⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        205⤵
        Checks computer location settings
        
        PID:3936
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        206⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        206⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        207⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        207⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        208⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        208⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        209⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        209⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        210⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        210⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        211⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        211⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        212⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        212⤵
        Checks computer location settings
        
        PID:5440
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        213⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        213⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        214⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        214⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        215⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        215⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        216⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        216⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        217⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        217⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        218⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        218⤵
        Checks computer location settings
        
        PID:5856
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        219⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        219⤵
        Checks computer location settings
        
        PID:4464
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        220⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        220⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        221⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        221⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        222⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        222⤵
        Checks computer location settings
        
        PID:3052
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        223⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        223⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        224⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        224⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        225⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        225⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        226⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        226⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        227⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        227⤵
        Checks computer location settings
        
        PID:972
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        228⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        228⤵
        Checks computer location settings
        
        PID:4120
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        229⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        229⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        230⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        230⤵
        Checks computer location settings
        
        PID:4944
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        231⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        231⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        232⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        232⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        233⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        233⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        234⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        234⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        235⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        235⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        236⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        236⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        237⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        237⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        238⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        238⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        239⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        239⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        240⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        240⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        241⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        241⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        242⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        242⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        243⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        243⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        244⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        244⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        245⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        245⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        246⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        246⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        247⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        247⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        248⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        248⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        249⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        249⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        250⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        250⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        251⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        251⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        252⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        252⤵
        Checks computer location settings
        
        PID:1376
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        253⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        253⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        254⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        254⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        255⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        255⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        256⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        256⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        257⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        257⤵
        Checks computer location settings
        
        PID:3556
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        258⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        258⤵
        Checks computer location settings
        
        PID:5316
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        259⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        259⤵
        Checks computer location settings
        
        PID:5600
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        260⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        260⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        261⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        261⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        262⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        262⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        263⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        263⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        264⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        264⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        265⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        265⤵
        Checks computer location settings
        
        PID:1692
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        266⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        266⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        267⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        267⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        268⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        268⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        269⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        269⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        270⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        270⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        271⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        271⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        272⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        272⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        273⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        273⤵
        Checks computer location settings
        
        PID:5596
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        274⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        274⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        275⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        275⤵
        Checks computer location settings
        
        PID:3392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        276⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        276⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        277⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        277⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        278⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        278⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        279⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        279⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        280⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        280⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        281⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        281⤵
        Checks computer location settings
        
        PID:548
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        282⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        282⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        283⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        283⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        284⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        284⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        285⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        285⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        286⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        286⤵
        Checks computer location settings
        
        PID:2868
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        287⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        287⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        288⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        288⤵
        Checks computer location settings
        
        PID:4528
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        289⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        289⤵
        Checks computer location settings
        
        PID:3568
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        290⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        290⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        291⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        291⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        292⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        292⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        293⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        293⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        294⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        294⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        295⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        295⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        296⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        296⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        297⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        297⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        298⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        298⤵
        Checks computer location settings
        
        PID:3292
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        299⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        299⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        300⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        300⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        301⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        301⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        302⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        302⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        303⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        303⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        304⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        304⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        305⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        305⤵
        Checks computer location settings
        
        PID:4632
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        306⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        306⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        307⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        307⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        308⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        308⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        309⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        309⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        310⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        310⤵
        Checks computer location settings
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        311⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        311⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        312⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        312⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        313⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        313⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        314⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        314⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        315⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        315⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        316⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        316⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        317⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        317⤵
        Checks computer location settings
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        318⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        318⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        319⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        319⤵
        Checks computer location settings
        
        PID:4736
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        320⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        320⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        321⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        321⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        322⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        322⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        323⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        323⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        324⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        324⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        325⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        325⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        326⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        326⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        327⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        327⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        328⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        328⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        329⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        329⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        330⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        330⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        331⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        331⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        332⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        332⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        333⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        333⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        334⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        334⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        335⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        335⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        336⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        336⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        337⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        337⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        338⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        338⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        339⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        339⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        340⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        340⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        341⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        341⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        342⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        342⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        343⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        343⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        344⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        344⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        345⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        345⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        346⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        346⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        347⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        347⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        348⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        348⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        349⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        349⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        350⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        350⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        351⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        351⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        352⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        352⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        353⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        353⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        354⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        354⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        355⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        355⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        356⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        356⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        357⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        357⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        358⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        358⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        359⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        359⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        360⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        360⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        361⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        361⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        362⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        362⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        363⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        363⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        364⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        364⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        365⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        365⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        366⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        366⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        367⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        367⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        368⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        368⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        369⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        369⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        370⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        370⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        371⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        371⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        372⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        372⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        373⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        373⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        374⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        374⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        375⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        375⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        376⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        376⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        377⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        377⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        378⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        378⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        379⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        379⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        380⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        380⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        381⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        381⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        382⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        382⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        383⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        383⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        384⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        384⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        385⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        385⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        386⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        386⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        387⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        387⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        388⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        388⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        389⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        389⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        390⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        390⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        391⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        391⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        392⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        392⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        393⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        393⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        394⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        394⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        395⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        395⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        396⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        396⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        397⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        397⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        398⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        398⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        399⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        399⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        400⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        400⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        401⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        401⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        402⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        402⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        403⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        403⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        404⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        404⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        405⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        405⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        406⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        406⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        407⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        407⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        408⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        408⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        409⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        409⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        410⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        410⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        411⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        411⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        412⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        412⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        413⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        413⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        414⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        414⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        415⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        415⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        416⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        416⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        417⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        417⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        418⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        418⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        419⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        419⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        420⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        420⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        421⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        421⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        422⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        422⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        423⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        423⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        424⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        424⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        425⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        425⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        426⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        426⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        427⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        427⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        428⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        428⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        429⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        429⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        430⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        430⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        431⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        431⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        432⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        432⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        433⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        433⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        434⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        434⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        435⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        435⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        436⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        436⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        437⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        437⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        438⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        438⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        439⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        439⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        440⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        440⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        441⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        441⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        442⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        442⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        443⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        443⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        444⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        444⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        445⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        445⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        446⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        446⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        447⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        447⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        448⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        448⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        449⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        449⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        450⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        450⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        451⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        451⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        452⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        452⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        453⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        453⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        454⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        454⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        455⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        455⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        456⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        456⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        457⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        457⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        458⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        458⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        459⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        459⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        460⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        460⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        461⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        461⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        462⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        462⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        463⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        463⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        464⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        464⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        465⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        465⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        466⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        466⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        467⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        467⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        468⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        468⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        469⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        469⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        470⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        470⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        471⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        471⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        472⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        472⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        473⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        473⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        474⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        474⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        475⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        475⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        476⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        476⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        477⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        477⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        478⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        478⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        479⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        479⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        480⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        480⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        481⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        481⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        482⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        482⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        483⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        483⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        484⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        484⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        485⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        485⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        486⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        486⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        487⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        487⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        488⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        488⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        489⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        489⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        490⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        490⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        491⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        491⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        492⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        492⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        493⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        493⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        494⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        494⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        495⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        495⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        496⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        496⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        497⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        497⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        498⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        498⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        499⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        499⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        500⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        500⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        501⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        501⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        502⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        502⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        503⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        503⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        504⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        504⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        505⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        505⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        506⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        506⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        507⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        507⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        508⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        508⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        509⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        509⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        510⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        510⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        511⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Roaming\Output.exe
        
        "C:\Users\Admin\AppData\Roaming\Output.exe"
        511⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Roaming\XClient.exe
        
        "C:\Users\Admin\AppData\Roaming\XClient.exe"
        512⤵
        
        PID:1428

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:4480

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Output.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Roaming\Output.exe

Filesize
641KB

MD5
be28798fb13ebd61d94d6712436dc399

SHA1
186c13dd590594a63e81b24205d1520a2e03b2cc

SHA256
45be306e0f454b946091c3c0742655878a7eb69a1c7675c9a677438f4e684c34

SHA512
473273021ba324077ae022c8bb10e457d78ce1bfeef95045287915fd15bf1e23cf5a2db42d67c4bb93aba4babb9a8cc71e906ed305f6ad223cf5d1e4534b86a1

Download Submit
C:\Users\Admin\AppData\Roaming\XClient.exe

Filesize
50KB

MD5
e0918682feb10b28a39a9cfbf4d2d90c

SHA1
c33f8518747e96955387bac3c8299eea24357fe0

SHA256
8f7a69675281f0e5f2fd0b43c64434fdb132fdca1eb82cf23aa947f83c833d01

SHA512
dcb3961832197bf33b4e554a69b95a17c847fccde7211ca96ee0a9ad975a051f93e6f29a3a9525279b2aaf9d6b7208a8ddeb8c1d430e79ddf4155f5629038fa7

Download Submit
memory/3964-0-0x00007FFDF0513000-0x00007FFDF0515000-memory.dmp

Filesize
8KB

Download
memory/3964-1-0x0000000000B10000-0x0000000000BC8000-memory.dmp

Filesize
736KB

Download
memory/4192-23-0x0000000000880000-0x0000000000892000-memory.dmp

Filesize
72KB

Download
memory/4192-27-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4192-56-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4192-93-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4192-94-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4908-26-0x0000000000870000-0x0000000000916000-memory.dmp

Filesize
664KB

Download
memory/4908-28-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4908-33-0x00007FFDF0510000-0x00007FFDF0FD1000-memory.dmp

Filesize
10.8MB

Download