08ab91c3184a782e792c333f7ac789aed78cd3fe8500947c4c7e78f750800854

Analysis

max time kernel
22s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Size

23KB
MD5

012822f0f44d0e4c2659f3fcfff85d72
SHA1

5966b73f4d39d5ea312bc9acc5068c8d42088a4e
SHA256

08ab91c3184a782e792c333f7ac789aed78cd3fe8500947c4c7e78f750800854
SHA512

c10129ca0559a17bb9c5b40342ac6b9680fb54ae3ada49374c5a9933c3d945d55c341ceee0cf1520cac3c2e7065f92a258c12deaf3720e03a9350052ad3db521
SSDEEP

384:0c1zCS+1LPrSOBxk9Db87YnQ8tMyamgORZ4zw/UygkCZps5NmYkjKJ49obQp:X5f+1KOBqbIYNMyamguj8pImYkscD

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2760	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2020	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2864	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2208	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2916	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2220	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1572	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2628	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2588	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
3032	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2708	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2676	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1996	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
756	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2812	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2800	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2820	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2844	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1776	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2184	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1284	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1232	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2668	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
924	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
884	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1844	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2280	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
3068	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe

Loads dropped DLL 64 IoCs

pid	Process
1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2020	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2864	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2208	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2916	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2220	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1572	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2628	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2588	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3032	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2708	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2676	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1996	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	756	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2812	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2820	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2844	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1776	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2184	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1284	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1232	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2668	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	924	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	884	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1844	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2280	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1492	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2824	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2348	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
656	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
752	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1428	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2780	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2544	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
796	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1792	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2456	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2900	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2200	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2276	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2152	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1288	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
692	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
2364	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1360	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
968	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1952	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
1704	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2576	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	28
PID 1540 wrote to memory of 2576	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	28
PID 1540 wrote to memory of 2576	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	28
PID 1540 wrote to memory of 2576	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	28
PID 2576 wrote to memory of 2632	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	29
PID 2576 wrote to memory of 2632	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	29
PID 2576 wrote to memory of 2632	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	29
PID 2576 wrote to memory of 2632	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	29
PID 1540 wrote to memory of 2760	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	30
PID 1540 wrote to memory of 2760	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	30
PID 1540 wrote to memory of 2760	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	30
PID 1540 wrote to memory of 2760	1540	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	30
PID 2576 wrote to memory of 2872	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	31
PID 2576 wrote to memory of 2872	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	31
PID 2576 wrote to memory of 2872	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	31
PID 2576 wrote to memory of 2872	2576	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	31
PID 2632 wrote to memory of 2616	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	32
PID 2632 wrote to memory of 2616	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	32
PID 2632 wrote to memory of 2616	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	32
PID 2632 wrote to memory of 2616	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	32
PID 2616 wrote to memory of 2644	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	33
PID 2616 wrote to memory of 2644	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	33
PID 2616 wrote to memory of 2644	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	33
PID 2616 wrote to memory of 2644	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	33
PID 2632 wrote to memory of 2720	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2720	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2720	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	34
PID 2632 wrote to memory of 2720	2632	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	34
PID 2644 wrote to memory of 2508	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	35
PID 2644 wrote to memory of 2508	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	35
PID 2644 wrote to memory of 2508	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	35
PID 2644 wrote to memory of 2508	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	35
PID 2616 wrote to memory of 2648	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	36
PID 2616 wrote to memory of 2648	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	36
PID 2616 wrote to memory of 2648	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	36
PID 2616 wrote to memory of 2648	2616	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	36
PID 2508 wrote to memory of 2604	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	37
PID 2508 wrote to memory of 2604	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	37
PID 2508 wrote to memory of 2604	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	37
PID 2508 wrote to memory of 2604	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	37
PID 2644 wrote to memory of 2776	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	38
PID 2644 wrote to memory of 2776	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	38
PID 2644 wrote to memory of 2776	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	38
PID 2644 wrote to memory of 2776	2644	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	38
PID 2604 wrote to memory of 1740	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	39
PID 2604 wrote to memory of 1740	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	39
PID 2604 wrote to memory of 1740	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	39
PID 2604 wrote to memory of 1740	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	39
PID 2508 wrote to memory of 1996	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	121
PID 2508 wrote to memory of 1996	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	121
PID 2508 wrote to memory of 1996	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	121
PID 2508 wrote to memory of 1996	2508	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	121
PID 1740 wrote to memory of 684	1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	125
PID 1740 wrote to memory of 684	1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	125
PID 1740 wrote to memory of 684	1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	125
PID 1740 wrote to memory of 684	1740	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	125
PID 2604 wrote to memory of 580	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	41
PID 2604 wrote to memory of 580	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	41
PID 2604 wrote to memory of 580	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	41
PID 2604 wrote to memory of 580	2604	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	41
PID 684 wrote to memory of 1492	684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	43
PID 684 wrote to memory of 1492	684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	43
PID 684 wrote to memory of 1492	684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	43
PID 684 wrote to memory of 1492	684	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
  C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
    C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
      C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2644
      - C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2508
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:684
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2968
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2020
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2864
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2208
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        37⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2916
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2220
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        39⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1572
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2628
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2588
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3032
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        43⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2708
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2676
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        45⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2540
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2644
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2952
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1508
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1996
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        50⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:756
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        51⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2812
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2800
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2844
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        55⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2184
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1284
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1232
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:884
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        63⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2280
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2360
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3068
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        66⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        67⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        68⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        69⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        70⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        71⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        72⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        73⤵
        Drops file in System32 directory
        
        PID:2364
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        74⤵
        Drops file in System32 directory
        
        PID:1856
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        75⤵
        
        PID:892
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        76⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        77⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        78⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        79⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        80⤵
        Drops file in System32 directory
        
        PID:2392
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        81⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        82⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        83⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        84⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        85⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        86⤵
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        87⤵
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        88⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        89⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        90⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        91⤵
        Drops file in System32 directory
        
        PID:2164
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        92⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        93⤵
        Drops file in System32 directory
        
        PID:1740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        94⤵
        
        PID:332
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        95⤵
        Drops file in System32 directory
        
        PID:2956
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        96⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        97⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        98⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        99⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        100⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        101⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        102⤵
        Drops file in System32 directory
        
        PID:2404
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        103⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        104⤵
        Drops file in System32 directory
        
        PID:1196
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        105⤵
        Drops file in System32 directory
        
        PID:1324
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        106⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        107⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        108⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        109⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        110⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        111⤵
        Drops file in System32 directory
        
        PID:396
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        112⤵
        Drops file in System32 directory
        
        PID:3052
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        113⤵
        Drops file in System32 directory
        
        PID:1780
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        114⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        115⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        116⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        117⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        118⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        119⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        120⤵
        Drops file in System32 directory
        
        PID:1084
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        121⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        122⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        123⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        124⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        125⤵
        
        PID:892
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        126⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        127⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        128⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        129⤵
        
        PID:872
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        130⤵
        Drops file in System32 directory
        
        PID:2236
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        131⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        132⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        133⤵
        Drops file in System32 directory
        
        PID:1608
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        134⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        135⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        136⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        137⤵
        Drops file in System32 directory
        
        PID:2492
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        138⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        139⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        140⤵
        Drops file in System32 directory
        
        PID:2988
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        141⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        142⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        143⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        144⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        145⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        146⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        147⤵
        
        PID:684
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        148⤵
        
        PID:584
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        149⤵
        Drops file in System32 directory
        
        PID:2856
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        150⤵
        
        PID:864
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        151⤵
        Drops file in System32 directory
        
        PID:568
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        152⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        153⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        154⤵
        Drops file in System32 directory
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        155⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        156⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        157⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        158⤵
        Drops file in System32 directory
        
        PID:2044
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        159⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        160⤵
        
        PID:536
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        161⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        162⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        163⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        164⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        165⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        166⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        167⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        168⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        169⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        170⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        171⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        172⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        173⤵
        
        PID:520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        174⤵
        Drops file in System32 directory
        
        PID:2360
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        175⤵
        
        PID:436
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        176⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        177⤵
        
        PID:396
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        178⤵
        Drops file in System32 directory
        
        PID:3024
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        179⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        180⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        181⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        182⤵
        
        PID:748
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        183⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        184⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        185⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        186⤵
        Drops file in System32 directory
        
        PID:820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        187⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        188⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        189⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        190⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        191⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        192⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        193⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        194⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        195⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        196⤵
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        197⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        198⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        199⤵
        Drops file in System32 directory
        
        PID:2548
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        200⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        201⤵
        Drops file in System32 directory
        
        PID:2760
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        202⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        203⤵
        
        PID:852
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        204⤵
        
        PID:584
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        205⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        206⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        207⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        208⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        209⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        210⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        211⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        212⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        213⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        214⤵
        
        PID:936
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        215⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        216⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        217⤵
        Drops file in System32 directory
        
        PID:2428
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        218⤵
        Drops file in System32 directory
        
        PID:924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        219⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        220⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        221⤵
        
        PID:940
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        222⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        223⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        224⤵
        
        PID:796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        225⤵
        Drops file in System32 directory
        
        PID:2900
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        226⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        227⤵
        Drops file in System32 directory
        
        PID:520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        228⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        229⤵
        
        PID:464
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        230⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        231⤵
        
        PID:544
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        232⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        233⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        234⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        235⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        236⤵
        Drops file in System32 directory
        
        PID:2964
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        237⤵
        
        PID:932
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        238⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        239⤵
        
        PID:976
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        240⤵
        
        PID:304
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        241⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        242⤵
        
        PID:972
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        243⤵
        
        PID:868
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        244⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        245⤵
        
        PID:820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        246⤵
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        247⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        248⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        249⤵
        
        PID:632
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        250⤵
        
        PID:664
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        251⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        252⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        253⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        254⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        255⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        256⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        257⤵
        Drops file in System32 directory
        
        PID:1048
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        258⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        259⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        260⤵
        
        PID:364
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        261⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        262⤵
        
        PID:908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        263⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        264⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        265⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        266⤵
        Drops file in System32 directory
        
        PID:2944
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        267⤵
        
        PID:852
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        268⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        269⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        270⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        271⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        272⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        273⤵
        Drops file in System32 directory
        
        PID:1948
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        274⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        275⤵
        Drops file in System32 directory
        
        PID:1852
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        276⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        277⤵
        Drops file in System32 directory
        
        PID:936
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        278⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        279⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        280⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        281⤵
        
        PID:924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        282⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        283⤵
        Drops file in System32 directory
        
        PID:2652
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        284⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        285⤵
        Drops file in System32 directory
        
        PID:2708
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        286⤵
        
        PID:796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        287⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        288⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        289⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        290⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        291⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        292⤵
        Drops file in System32 directory
        
        PID:1544
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        293⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        294⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        295⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        296⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        297⤵
        Drops file in System32 directory
        
        PID:272
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        298⤵
        
        PID:776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        299⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        300⤵
        Drops file in System32 directory
        
        PID:2932
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        301⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        302⤵
        Drops file in System32 directory
        
        PID:1392
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        303⤵
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        304⤵
        Drops file in System32 directory
        
        PID:2032
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        305⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        306⤵
        Drops file in System32 directory
        
        PID:756
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        307⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        308⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        309⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        310⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        311⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        312⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        313⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        314⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        315⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        316⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        317⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        318⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        319⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        320⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        321⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        322⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        323⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        324⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        325⤵
        
        PID:892
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        326⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        327⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        328⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        329⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        330⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        331⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        332⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        333⤵
        
        PID:568
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        334⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        335⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        336⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        337⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        338⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        339⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        340⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        341⤵
        
        PID:968
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        342⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        343⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        344⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        345⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        346⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        347⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        348⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        349⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        350⤵
        
        PID:748
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        351⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        352⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        353⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        354⤵
        
        PID:520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        355⤵
        
        PID:604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        356⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        357⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        358⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        359⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        360⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        361⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        362⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        363⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        364⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        365⤵
        
        PID:868
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        366⤵
        
        PID:304
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        367⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        368⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        369⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        370⤵
        
        PID:972
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        371⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        372⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        373⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        374⤵
        
        PID:820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        375⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        376⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        377⤵
        
        PID:944
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        378⤵
        
        PID:580
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        379⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        380⤵
        
        PID:884
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        381⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        382⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        383⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        384⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        385⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        386⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        387⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        388⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        389⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        390⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        391⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        392⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        393⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        394⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        395⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        396⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        397⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        398⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        399⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        400⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        401⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        402⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        403⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        404⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        405⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        406⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        407⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        408⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        409⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        410⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        411⤵
        
        PID:576
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        412⤵
        
        PID:748
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        413⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        414⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        415⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        416⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        417⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        418⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        419⤵
        
        PID:768
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        420⤵
        
        PID:272
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        421⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        422⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        423⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        424⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        425⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        426⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        427⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        428⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        429⤵
        
        PID:692
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        430⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        431⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        432⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        433⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        434⤵
        
        PID:820
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        435⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        436⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        437⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        438⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        439⤵
        
        PID:944
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        440⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        441⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        442⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        443⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        444⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        445⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        446⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        447⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        448⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        449⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        450⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        451⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        452⤵
        
        PID:364
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        453⤵
        
        PID:892
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        454⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        455⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        456⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        457⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        458⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        459⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        460⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        461⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        462⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        463⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        464⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        465⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        466⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        467⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        468⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        469⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        470⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        471⤵
        
        PID:748
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        472⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        473⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        474⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        475⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        476⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        477⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        478⤵
        
        PID:604
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        479⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        480⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        481⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        482⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        483⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        484⤵
        
        PID:776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        485⤵
        
        PID:924
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        486⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        487⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        488⤵
        
        PID:972
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        489⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        490⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        491⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        492⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        493⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        494⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        495⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        496⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        497⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        498⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        499⤵
        
        PID:684
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        500⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        501⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        502⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        503⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        504⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        505⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        506⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        507⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        508⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        509⤵
        
        PID:908
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        510⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        511⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        512⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        513⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        514⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        515⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        516⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        517⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        518⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        519⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        520⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        521⤵
        
        PID:904
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        522⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        
        C:\Windows\system32\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
        523⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        501⤵
        
        PID:820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        500⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        499⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        498⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        497⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        496⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        495⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        494⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        493⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        492⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        491⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        490⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        489⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        488⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        487⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        486⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        485⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        484⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        483⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        482⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        481⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        480⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        479⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        478⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        477⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        476⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        475⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        474⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        473⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        472⤵
        
        PID:304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        471⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        470⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        469⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        468⤵
        
        PID:868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        467⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        466⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        465⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        464⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        463⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        462⤵
        
        PID:968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        461⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        460⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        459⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        458⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        457⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        456⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        455⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        454⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        453⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        452⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        451⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        450⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        449⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        448⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        447⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        446⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        445⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        444⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        443⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        442⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        441⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        440⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        439⤵
        
        PID:568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        438⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        437⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        436⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        435⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        434⤵
        
        PID:544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        433⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        432⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        431⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        430⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        429⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        428⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        427⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        426⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        425⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        424⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        423⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        422⤵
        
        PID:656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        421⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        420⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        419⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        418⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        417⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        416⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        415⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        414⤵
        
        PID:520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        413⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        412⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        411⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        410⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        409⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        408⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        407⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        406⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        405⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        404⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        403⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        402⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        401⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        400⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        399⤵
        
        PID:864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        398⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        397⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        396⤵
        
        PID:524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        395⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        394⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        393⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        392⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        391⤵
        
        PID:584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        390⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        389⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        388⤵
        
        PID:612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        387⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        386⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        385⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        384⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        383⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        382⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        381⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        380⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        379⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        378⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        377⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        376⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        375⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        374⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        373⤵
        
        PID:632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        372⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        371⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        370⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        369⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        368⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        367⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        366⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        365⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        364⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        363⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        362⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        361⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        360⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        359⤵
        
        PID:544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        358⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        357⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        356⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        355⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        354⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        353⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        352⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        351⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        350⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        349⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        348⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        347⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        346⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        345⤵
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        344⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        343⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        342⤵
        
        PID:744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        341⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        340⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        339⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        338⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        337⤵
        
        PID:572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        336⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        335⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        334⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        333⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        332⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        331⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        330⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        329⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        328⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        327⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        326⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        325⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        324⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        323⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        322⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        321⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        320⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        319⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        318⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        317⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        316⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        315⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        314⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        313⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        312⤵
        
        PID:900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        311⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        310⤵
        
        PID:944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        309⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        308⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        307⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        306⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        305⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        304⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        303⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        302⤵
        
        PID:972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        301⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        300⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        299⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        298⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        297⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        296⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        295⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        294⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        293⤵
        
        PID:396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        292⤵
        
        PID:436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        291⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        290⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        289⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        288⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        287⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        286⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        285⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        284⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        283⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        282⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        281⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        280⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        279⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        278⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        277⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        276⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        275⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        274⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        273⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        272⤵
        
        PID:332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        271⤵
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        270⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        269⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        268⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        267⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        266⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        265⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        264⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        263⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        262⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        261⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        260⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        259⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        258⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        257⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        256⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        255⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        254⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        253⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        252⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        251⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        250⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        249⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        248⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        247⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        246⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        245⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        244⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        243⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        242⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        241⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        240⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        239⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        238⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        237⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        236⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        235⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        234⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        233⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        232⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        231⤵
        
        PID:436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        230⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        229⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        228⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        227⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        226⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        225⤵
        
        PID:776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        224⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        223⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        222⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        221⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        220⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        219⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        218⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        217⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        216⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        215⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        214⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        213⤵
        
        PID:968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        212⤵
        
        PID:536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        211⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        210⤵
        
        PID:524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        209⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        208⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        207⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        206⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        205⤵
        
        PID:332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        204⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        203⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        202⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        201⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        200⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        199⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        198⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        197⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        196⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        195⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        194⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        193⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        192⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        191⤵
        
        PID:868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        190⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        189⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        188⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        187⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        186⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        185⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        184⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        183⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        182⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        181⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        180⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        179⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        178⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        177⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        176⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        175⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        174⤵
        
        PID:908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        173⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        172⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        171⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        170⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        169⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        168⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        167⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        166⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        165⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        164⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        163⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        162⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        161⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        160⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        159⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        158⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        157⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        156⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        155⤵
        
        PID:656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        154⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        153⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        152⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        151⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        150⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        149⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        148⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        147⤵
        
        PID:664
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        146⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        145⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        144⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        143⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        142⤵
        
        PID:316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        141⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        140⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        139⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        138⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        137⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        136⤵
        
        PID:972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        135⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        134⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        133⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        132⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        131⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        130⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        129⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        128⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        127⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        126⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        125⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        124⤵
        
        PID:744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        123⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        122⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        121⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        120⤵
        
        PID:968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        119⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        118⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        117⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        116⤵
        
        PID:852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        115⤵
        
        PID:748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        114⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        113⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        112⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        111⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        110⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        109⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        108⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        107⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        106⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        105⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        104⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        103⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        102⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        101⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        100⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        99⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        98⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        97⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        96⤵
        
        PID:612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        95⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        94⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        93⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        92⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        91⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        90⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        89⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        88⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        87⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        86⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        85⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        84⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        83⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        82⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        81⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        80⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        79⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        78⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        77⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        76⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        75⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        74⤵
        
        PID:316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        73⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        72⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        71⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        70⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        69⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        68⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        67⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        66⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        65⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        64⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        63⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        62⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        61⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        60⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        59⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        58⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        57⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        56⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        55⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        54⤵
        
        PID:536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        53⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        52⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        51⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        50⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        49⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        48⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        47⤵
        
        PID:584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        46⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        45⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        44⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        43⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        42⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        41⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        40⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        39⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        38⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        37⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        36⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        35⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        34⤵
        
        PID:524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        33⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        32⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        31⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        30⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        29⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        28⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        27⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        26⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        25⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        24⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        23⤵
        
        PID:396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        22⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        21⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        20⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        19⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        18⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        17⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        16⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        15⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        14⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        13⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        12⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        11⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        10⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        9⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        8⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        7⤵
        
        PID:1996
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        6⤵
        
        PID:2776
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
        5⤵
        
        PID:2648
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
      4⤵
      PID:2720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\012822~1.EXE > nul
    3⤵
    PID:2872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\012822~1.EXE > nul
  2⤵
  - Deletes itself
  PID:2760

C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
1⤵
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe

Filesize
23KB

MD5
012822f0f44d0e4c2659f3fcfff85d72

SHA1
5966b73f4d39d5ea312bc9acc5068c8d42088a4e

SHA256
08ab91c3184a782e792c333f7ac789aed78cd3fe8500947c4c7e78f750800854

SHA512
c10129ca0559a17bb9c5b40342ac6b9680fb54ae3ada49374c5a9933c3d945d55c341ceee0cf1520cac3c2e7065f92a258c12deaf3720e03a9350052ad3db521

Download Submit
memory/632-188-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/656-116-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/656-133-0x0000000001CB0000-0x0000000001D02000-memory.dmp

Filesize
328KB

Download
memory/656-94-0x0000000001CB0000-0x0000000001D02000-memory.dmp

Filesize
328KB

Download
memory/656-95-0x0000000001CB0000-0x0000000001D02000-memory.dmp

Filesize
328KB

Download
memory/656-89-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/684-63-0x0000000000490000-0x00000000004E2000-memory.dmp

Filesize
328KB

Download
memory/684-70-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/692-166-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/692-167-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/692-169-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/752-104-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/752-100-0x00000000004E0000-0x0000000000532000-memory.dmp

Filesize
328KB

Download
memory/752-101-0x00000000004E0000-0x0000000000532000-memory.dmp

Filesize
328KB

Download
memory/796-128-0x0000000000590000-0x00000000005E2000-memory.dmp

Filesize
328KB

Download
memory/796-131-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/796-129-0x0000000000590000-0x00000000005E2000-memory.dmp

Filesize
328KB

Download
memory/796-123-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/968-184-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/968-176-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/968-179-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/968-178-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1288-163-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1288-171-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1360-173-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1360-177-0x0000000002030000-0x0000000002082000-memory.dmp

Filesize
328KB

Download
memory/1360-181-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1428-114-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1428-102-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1428-107-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1492-76-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1492-73-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1492-66-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1492-72-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1508-247-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1540-0-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1540-3-0x0000000001E80000-0x0000000001ED2000-memory.dmp

Filesize
328KB

Download
memory/1540-16-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1704-191-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1704-189-0x0000000001F00000-0x0000000001F52000-memory.dmp

Filesize
328KB

Download
memory/1740-57-0x0000000001E10000-0x0000000001E62000-memory.dmp

Filesize
328KB

Download
memory/1740-65-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1740-53-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1792-140-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1792-135-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1952-186-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/1952-182-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/1996-248-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2020-196-0x00000000003A0000-0x00000000003F2000-memory.dmp

Filesize
328KB

Download
memory/2020-198-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2020-193-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2020-197-0x00000000003A0000-0x00000000003F2000-memory.dmp

Filesize
328KB

Download
memory/2152-165-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2152-158-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2152-161-0x0000000001D50000-0x0000000001DA2000-memory.dmp

Filesize
328KB

Download
memory/2152-162-0x0000000001D50000-0x0000000001DA2000-memory.dmp

Filesize
328KB

Download
memory/2200-151-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2200-154-0x0000000000460000-0x00000000004B2000-memory.dmp

Filesize
328KB

Download
memory/2200-156-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2208-204-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2220-211-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2276-157-0x00000000005E0000-0x0000000000632000-memory.dmp

Filesize
328KB

Download
memory/2276-155-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2276-160-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2348-81-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2348-91-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2348-87-0x0000000002050000-0x00000000020A2000-memory.dmp

Filesize
328KB

Download
memory/2348-88-0x0000000002050000-0x00000000020A2000-memory.dmp

Filesize
328KB

Download
memory/2364-175-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2364-172-0x0000000000470000-0x00000000004C2000-memory.dmp

Filesize
328KB

Download
memory/2456-143-0x0000000001EE0000-0x0000000001F32000-memory.dmp

Filesize
328KB

Download
memory/2456-142-0x0000000001EE0000-0x0000000001F32000-memory.dmp

Filesize
328KB

Download
memory/2456-144-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2508-42-0x0000000000380000-0x00000000003D2000-memory.dmp

Filesize
328KB

Download
memory/2508-38-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2508-50-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2544-118-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2544-147-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2544-126-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2576-17-0x0000000000830000-0x0000000000882000-memory.dmp

Filesize
328KB

Download
memory/2576-18-0x0000000000830000-0x0000000000882000-memory.dmp

Filesize
328KB

Download
memory/2576-10-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2576-22-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2604-52-0x00000000004D0000-0x0000000000522000-memory.dmp

Filesize
328KB

Download
memory/2604-59-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2604-51-0x00000000004D0000-0x0000000000522000-memory.dmp

Filesize
328KB

Download
memory/2604-43-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2616-35-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2616-31-0x0000000001C80000-0x0000000001CD2000-memory.dmp

Filesize
328KB

Download
memory/2616-25-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2632-30-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2632-19-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2644-37-0x0000000001F40000-0x0000000001F92000-memory.dmp

Filesize
328KB

Download
memory/2644-36-0x0000000001F40000-0x0000000001F92000-memory.dmp

Filesize
328KB

Download
memory/2644-45-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2780-119-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2780-109-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2824-78-0x0000000001D40000-0x0000000001D92000-memory.dmp

Filesize
328KB

Download
memory/2824-79-0x0000000001D40000-0x0000000001D92000-memory.dmp

Filesize
328KB

Download
memory/2824-86-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2864-201-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2900-148-0x0000000002020000-0x0000000002072000-memory.dmp

Filesize
328KB

Download
memory/2900-149-0x0000000002020000-0x0000000002072000-memory.dmp

Filesize
328KB

Download
memory/2900-153-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2952-243-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2968-195-0x0000000000400000-0x0000000000451160-memory.dmp

Filesize
324KB

Download
memory/2968-192-0x0000000001DD0000-0x0000000001E22000-memory.dmp

Filesize
328KB

Download

description	ioc	Process
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe	012822f0f44d0e4c2659f3fcfff85d72_JaffaCakes118.exe