91965dc6502bf9537cc5ffbb07712eb5b1a4c7c65b740ed923e5b9bdd5764084

Analysis

max time kernel
34s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Size

45KB
MD5

2373f9a4bd6afab0bb66a6eaa901b683
SHA1

04aa2f495e1ec539f53d699939637dc380614c64
SHA256

91965dc6502bf9537cc5ffbb07712eb5b1a4c7c65b740ed923e5b9bdd5764084
SHA512

905762a6953307525be2b5e1fd5cb596a40642f61b4fa1d24b802e438bbfb320833bf38fd33a2a44f76ee80ee26d12add01d63880875fba67c9c6ee57250fe1e
SSDEEP

768:ql5MArqCfY+XBaCWuwCuk8nqCnX04eU1w0444wY459dIkcYo+EJiBBBpt/zMV8wC:k/r/fY+XBhwCujnqCnX0g1w0444wY45F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3964	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2864	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4836	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1744	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1420	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3016	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3916	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4080	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3984	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4504	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1528	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4260	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2312	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2640	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4796	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3200	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4228	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4116	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4720	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4000	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4632	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2480	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4204	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2380	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4252	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3280	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
440	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
452	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4992	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4996	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4780	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1652	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1448	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2240	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2432	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3304	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3576	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2040	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1844	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4600	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2720	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3400	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3736	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1532	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4856	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3484	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3964	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2864	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4836	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1744	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1420	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3016	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3916	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4080	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3984	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4504	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1528	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4260	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2312	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2640	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4796	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3200	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4228	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4116	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4720	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4000	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4632	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2480	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4204	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2380	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4252	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3280	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	440	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	452	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4992	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4996	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4780	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1652	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1448	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2240	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2432	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3304	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3576	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2040	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1844	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4600	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2720	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3400	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3736	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1532	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4856	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3964	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3964	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2864	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2864	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3324	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4836	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4836	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1744	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1744	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1420	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1420	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3016	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3016	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3916	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3916	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4080	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4080	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3984	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3984	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4504	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4504	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1528	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
1528	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4260	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4260	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2312	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2312	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2640	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
2640	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4796	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4796	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3200	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
3200	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4228	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
4228	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4404	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	82
PID 3068 wrote to memory of 4404	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	82
PID 3068 wrote to memory of 4404	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	82
PID 4404 wrote to memory of 552	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	83
PID 4404 wrote to memory of 552	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	83
PID 4404 wrote to memory of 552	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	83
PID 3068 wrote to memory of 232	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	84
PID 3068 wrote to memory of 232	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	84
PID 3068 wrote to memory of 232	3068	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	84
PID 552 wrote to memory of 4424	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	85
PID 552 wrote to memory of 4424	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	85
PID 552 wrote to memory of 4424	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	85
PID 4404 wrote to memory of 4576	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	86
PID 4404 wrote to memory of 4576	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	86
PID 4404 wrote to memory of 4576	4404	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	86
PID 4424 wrote to memory of 2604	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	87
PID 4424 wrote to memory of 2604	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	87
PID 4424 wrote to memory of 2604	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	87
PID 552 wrote to memory of 1012	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	88
PID 552 wrote to memory of 1012	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	88
PID 552 wrote to memory of 1012	552	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	88
PID 2604 wrote to memory of 4860	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	89
PID 2604 wrote to memory of 4860	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	89
PID 2604 wrote to memory of 4860	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	89
PID 4424 wrote to memory of 624	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	90
PID 4424 wrote to memory of 624	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	90
PID 4424 wrote to memory of 624	4424	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	90
PID 4860 wrote to memory of 4412	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	91
PID 4860 wrote to memory of 4412	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	91
PID 4860 wrote to memory of 4412	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	91
PID 2604 wrote to memory of 528	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	92
PID 2604 wrote to memory of 528	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	92
PID 2604 wrote to memory of 528	2604	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	92
PID 4412 wrote to memory of 2088	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	93
PID 4412 wrote to memory of 2088	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	93
PID 4412 wrote to memory of 2088	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	93
PID 4860 wrote to memory of 1280	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	94
PID 4860 wrote to memory of 1280	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	94
PID 4860 wrote to memory of 1280	4860	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	94
PID 2088 wrote to memory of 1216	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	95
PID 2088 wrote to memory of 1216	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	95
PID 2088 wrote to memory of 1216	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	95
PID 4412 wrote to memory of 2496	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	96
PID 4412 wrote to memory of 2496	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	96
PID 4412 wrote to memory of 2496	4412	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	96
PID 1216 wrote to memory of 2092	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	97
PID 1216 wrote to memory of 2092	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	97
PID 1216 wrote to memory of 2092	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	97
PID 2088 wrote to memory of 3672	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	98
PID 2088 wrote to memory of 3672	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	98
PID 2088 wrote to memory of 3672	2088	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	98
PID 2092 wrote to memory of 4072	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	99
PID 2092 wrote to memory of 4072	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	99
PID 2092 wrote to memory of 4072	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	99
PID 1216 wrote to memory of 4832	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	100
PID 1216 wrote to memory of 4832	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	100
PID 1216 wrote to memory of 4832	1216	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	100
PID 4072 wrote to memory of 3964	4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	239
PID 4072 wrote to memory of 3964	4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	239
PID 4072 wrote to memory of 3964	4072	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	239
PID 2092 wrote to memory of 3296	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	102
PID 2092 wrote to memory of 3296	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	102
PID 2092 wrote to memory of 3296	2092	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	102
PID 3964 wrote to memory of 2864	3964	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	103

C:\Users\Admin\AppData\Local\Temp\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
  C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4404
- - C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
    C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
      C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4424
    - - C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2604
      - C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4860
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1216
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2092
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3964
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3324
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4836
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3984
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4796
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4116
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4720
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1068
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        37⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4000
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        39⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2480
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        41⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4252
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        43⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3280
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:440
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        45⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4992
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4996
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2072
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4780
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        51⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1448
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        52⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2240
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2432
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1324
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        55⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3304
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3576
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2040
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        59⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4600
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2720
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        61⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3400
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3736
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        63⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1532
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4856
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        65⤵
        Executes dropped EXE
        
        PID:3484
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        66⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        67⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        68⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        69⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        70⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        71⤵
        
        PID:412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        72⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        73⤵
        Drops file in System32 directory
        
        PID:4980
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        74⤵
        
        PID:552
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        75⤵
        
        PID:452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        76⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        77⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        78⤵
        Drops file in System32 directory
        
        PID:788
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        79⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        80⤵
        Drops file in System32 directory
        
        PID:2432
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        81⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        82⤵
        Drops file in System32 directory
        
        PID:3304
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        83⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        84⤵
        Drops file in System32 directory
        
        PID:2008
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        85⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        86⤵
        
        PID:856
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        87⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        88⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        89⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        90⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        91⤵
        Drops file in System32 directory
        
        PID:3480
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        92⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        93⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        94⤵
        Drops file in System32 directory
        
        PID:4856
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        95⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        96⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        97⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        98⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        99⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        100⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        101⤵
        
        PID:412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        102⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        103⤵
        
        PID:112
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        104⤵
        
        PID:452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        105⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        106⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        107⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        108⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        109⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        110⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        111⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        112⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        113⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        114⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        115⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        116⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        117⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        118⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        119⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        120⤵
        Drops file in System32 directory
        
        PID:532
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        121⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        122⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        123⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        124⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        125⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        126⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        127⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        128⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        129⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        130⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        131⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        132⤵
        
        PID:892
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        133⤵
        
        PID:924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        134⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        135⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        136⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        137⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        138⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        139⤵
        
        PID:232
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        140⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        141⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        142⤵
        
        PID:452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        143⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        144⤵
        Drops file in System32 directory
        
        PID:2408
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        145⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        146⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        147⤵
        Drops file in System32 directory
        
        PID:1112
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        148⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        149⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        150⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        151⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        152⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        153⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        154⤵
        Drops file in System32 directory
        
        PID:1324
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        155⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        156⤵
        
        PID:932
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        157⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        158⤵
        Drops file in System32 directory
        
        PID:4616
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        159⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        160⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        161⤵
        
        PID:452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        162⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        163⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        164⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        165⤵
        Drops file in System32 directory
        
        PID:4848
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        166⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        167⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        168⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        169⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        170⤵
        Drops file in System32 directory
        
        PID:3484
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        171⤵
        Drops file in System32 directory
        
        PID:1120
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        172⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        173⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        174⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        175⤵
        Drops file in System32 directory
        
        PID:5232
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        176⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        177⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        178⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        179⤵
        Drops file in System32 directory
        
        PID:5380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        180⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        181⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        182⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        183⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        184⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        185⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        186⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        187⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        188⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        189⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        190⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        191⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        192⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        193⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        194⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        195⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        196⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        197⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        198⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        199⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        200⤵
        Drops file in System32 directory
        
        PID:4708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        201⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        202⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        203⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        204⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        205⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        206⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        207⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        208⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        209⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        210⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        211⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        212⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        213⤵
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        214⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        215⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        216⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        217⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        218⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        219⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        220⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        221⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        222⤵
        
        PID:464
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        223⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        224⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        225⤵
        Drops file in System32 directory
        
        PID:5156
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        226⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        227⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        228⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        229⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        230⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        231⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        232⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        233⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        234⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        235⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        236⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        237⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        238⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        239⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        240⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        241⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        242⤵
        Drops file in System32 directory
        
        PID:5260
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        243⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        244⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        245⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        246⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        247⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        248⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        249⤵
        Drops file in System32 directory
        
        PID:5828
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        250⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        251⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        252⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        253⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        254⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        255⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        256⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        257⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        258⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        259⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        260⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        261⤵
        Drops file in System32 directory
        
        PID:5184
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        262⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        263⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        264⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        265⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        266⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        267⤵
        Drops file in System32 directory
        
        PID:2540
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        268⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        269⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        270⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        271⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        272⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        273⤵
        Drops file in System32 directory
        
        PID:4524
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        274⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        275⤵
        
        PID:752
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        276⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        277⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        278⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        279⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        280⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        281⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        282⤵
        Drops file in System32 directory
        
        PID:3764
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        283⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        284⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        285⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        286⤵
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        287⤵
        Drops file in System32 directory
        
        PID:6172
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        288⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        289⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        290⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        291⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        292⤵
        Drops file in System32 directory
        
        PID:6348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        293⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        294⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        295⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        296⤵
        Drops file in System32 directory
        
        PID:6496
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        297⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        298⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        299⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        300⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        301⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        302⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        303⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        304⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        305⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        306⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        307⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        308⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        309⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        310⤵
        Drops file in System32 directory
        
        PID:7016
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        311⤵
        Drops file in System32 directory
        
        PID:7052
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        312⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        313⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        314⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        315⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        316⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        317⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        318⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        319⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        320⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        321⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        322⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        323⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        324⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        325⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        326⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        327⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        328⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        329⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        330⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        331⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        332⤵
        Drops file in System32 directory
        
        PID:6932
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        333⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        334⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        335⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        336⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        337⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        338⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        339⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        340⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        341⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        342⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        343⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        344⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        345⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        346⤵
        Drops file in System32 directory
        
        PID:6744
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        347⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        348⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        349⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        350⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        351⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        352⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        353⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        354⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        355⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        356⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        357⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        358⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        359⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        360⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        361⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        362⤵
        Drops file in System32 directory
        
        PID:6604
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        363⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        364⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        365⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        366⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        367⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        368⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        369⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        370⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        371⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        372⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        373⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        374⤵
        
        PID:964
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        375⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        376⤵
        
        PID:244
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        377⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        378⤵
        Drops file in System32 directory
        
        PID:6708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        379⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        380⤵
        Drops file in System32 directory
        
        PID:740
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        381⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        382⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        383⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        384⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        385⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        386⤵
        Drops file in System32 directory
        
        PID:4380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        387⤵
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        388⤵
        
        PID:464
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        389⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        390⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        391⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        392⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        393⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        394⤵
        Drops file in System32 directory
        
        PID:5100
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        395⤵
        Drops file in System32 directory
        
        PID:1884
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        396⤵
        Drops file in System32 directory
        
        PID:4292
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        397⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        398⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        399⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        400⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        401⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        402⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        403⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        404⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        405⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        406⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        407⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        408⤵
        Drops file in System32 directory
        
        PID:6612
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        409⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        410⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        411⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        412⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        413⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        414⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        415⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        416⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        417⤵
        
        PID:916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        418⤵
        Drops file in System32 directory
        
        PID:4152
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        419⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        420⤵
        Drops file in System32 directory
        
        PID:5212
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        421⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        422⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        423⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        424⤵
        
        PID:892
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        425⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        426⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        427⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        428⤵
        
        PID:916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        429⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        430⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        431⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        432⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        433⤵
        Drops file in System32 directory
        
        PID:4376
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        434⤵
        
        PID:808
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        435⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        436⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        437⤵
        
        PID:924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        438⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        439⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        440⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        441⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        442⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        443⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        444⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        445⤵
        Drops file in System32 directory
        
        PID:5276
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        446⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        447⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        448⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        449⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        450⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        451⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        452⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        453⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        454⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        455⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        456⤵
        Drops file in System32 directory
        
        PID:6708
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        457⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        458⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        459⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        460⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        461⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        462⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        463⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        464⤵
        
        PID:924
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        465⤵
        
        PID:916
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        466⤵
        Drops file in System32 directory
        
        PID:5612
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        467⤵
        Drops file in System32 directory
        
        PID:3052
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        468⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        469⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        470⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        471⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        472⤵
        Drops file in System32 directory
        
        PID:3672
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        473⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        474⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        475⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        476⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        477⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        478⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        479⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        480⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        481⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        482⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        483⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        484⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        485⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        486⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        487⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        488⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        489⤵
        Drops file in System32 directory
        
        PID:6820
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        490⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        491⤵
        Drops file in System32 directory
        
        PID:876
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        492⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        493⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        494⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        495⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        496⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        497⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        498⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        499⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        500⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        501⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        502⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        503⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        504⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        505⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        506⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        507⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        508⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        509⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        510⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        511⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        512⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        
        C:\Windows\system32\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
        513⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        511⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        510⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        509⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        508⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        507⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        506⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        505⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        504⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        503⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        502⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        501⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        500⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        499⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        498⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        497⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        496⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        495⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        494⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        493⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        492⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        491⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        490⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        489⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        488⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        487⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        486⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        485⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        484⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        483⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        482⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        481⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        480⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        479⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        478⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        477⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        476⤵
        
        PID:232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        475⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        474⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        473⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        472⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        471⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        470⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        469⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        468⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        467⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        466⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        465⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        464⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        463⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        462⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        461⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        460⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        459⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        458⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        457⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        456⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        455⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        454⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        453⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        452⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        451⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        450⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        449⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        448⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        447⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        446⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        445⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        444⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        443⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        442⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        441⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        440⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        439⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        438⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        437⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        436⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        435⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        434⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        433⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        432⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        431⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        430⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        429⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        428⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        427⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        426⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        425⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        424⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        423⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        422⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        421⤵
        
        PID:376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        420⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        419⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        418⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        417⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        416⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        415⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        414⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        413⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        412⤵
        
        PID:552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        411⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        410⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        409⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        408⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        407⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        406⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        405⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        404⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        403⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        402⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        401⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        400⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        399⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        398⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        397⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        396⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        395⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        394⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        393⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        392⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        391⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        390⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        389⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        388⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        387⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        386⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        385⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        384⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        383⤵
        
        PID:60
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        382⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        381⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        380⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        379⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        378⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        377⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        376⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        375⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        374⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        373⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        372⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        371⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        370⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        369⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        368⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        367⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        366⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        365⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        364⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        363⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        362⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        361⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        360⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        359⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        358⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        357⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        356⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        355⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        354⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        353⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        352⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        351⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        350⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        349⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        348⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        347⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        346⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        345⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        344⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        343⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        342⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        341⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        340⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        339⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        338⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        337⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        336⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        335⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        334⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        333⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        332⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        331⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        330⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        329⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        328⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        327⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        326⤵
        
        PID:116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        325⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        324⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        323⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        322⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        321⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        320⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        319⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        318⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        317⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        316⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        315⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        314⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        313⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        312⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        311⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        310⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        309⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        308⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        307⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        306⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        305⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        304⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        303⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        302⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        301⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        300⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        299⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        298⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        297⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        296⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        295⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        294⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        293⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        292⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        291⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        290⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        289⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        288⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        287⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        286⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        285⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        284⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        283⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        282⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        281⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        280⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        279⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        278⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        277⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        276⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        275⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        274⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        273⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        272⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        271⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        270⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        269⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        268⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        267⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        266⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        265⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        264⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        263⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        262⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        261⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        260⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        259⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        258⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        257⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        256⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        255⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        254⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        253⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        252⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        251⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        250⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        249⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        248⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        247⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        246⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        245⤵
        
        PID:100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        244⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        243⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        242⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        241⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        240⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        239⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        238⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        237⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        236⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        235⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        234⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        233⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        232⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        231⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        230⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        229⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        228⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        227⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        226⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        225⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        224⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        223⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        222⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        221⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        220⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        219⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        218⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        217⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        216⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        215⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        214⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        213⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        212⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        211⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        210⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        209⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        208⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        207⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        206⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        205⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        204⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        203⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        202⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        201⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        200⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        199⤵
        
        PID:232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        198⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        197⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        196⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        195⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        194⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        193⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        192⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        191⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        190⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        189⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        188⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        187⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        186⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        185⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        184⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        183⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        182⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        181⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        180⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        179⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        178⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        177⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        176⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        175⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        174⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        173⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        172⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        171⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        170⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        169⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        168⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        167⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        166⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        165⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        164⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        163⤵
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        162⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        161⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        160⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        159⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        158⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        157⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        156⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        155⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        154⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        153⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        152⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        151⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        150⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        149⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        148⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        147⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        146⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        145⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        144⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        143⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        142⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        141⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        140⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        139⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        138⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        137⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        136⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        135⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        134⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        133⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        132⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        131⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        130⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        129⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        128⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        127⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        126⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        125⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        124⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        123⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        122⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        121⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        120⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        119⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        118⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        117⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        116⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        115⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        114⤵
        
        PID:676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        113⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        112⤵
        
        PID:448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        111⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        110⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        109⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        108⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        107⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        106⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        105⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        104⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        103⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        102⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        101⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        100⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        99⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        98⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        97⤵
        
        PID:740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        96⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        95⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        94⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        93⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        92⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        91⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        90⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        89⤵
        
        PID:244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        88⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        87⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        86⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        85⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        84⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        83⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        82⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        81⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        80⤵
        
        PID:624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        79⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        78⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        77⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        76⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        75⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        74⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        73⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        72⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        71⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        70⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        69⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        68⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        67⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        66⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        65⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        64⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        63⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        62⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        61⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        60⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        59⤵
        
        PID:544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        58⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        57⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        56⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        55⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        54⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        53⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        52⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        51⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        50⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        49⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        48⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        47⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        46⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        45⤵
        
        PID:944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        44⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        43⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        42⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        41⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        40⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        39⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        38⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        37⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        36⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        35⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        34⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        33⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        32⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        31⤵
        
        PID:688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        30⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        29⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        28⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        27⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        26⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        25⤵
        
        PID:536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        24⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        23⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        22⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        21⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        20⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        19⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        18⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        17⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        16⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        15⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        14⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        13⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        12⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        11⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        10⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        9⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        8⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        7⤵
        
        PID:1280
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        6⤵
        
        PID:528
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
        5⤵
        
        PID:624
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
      4⤵
      PID:1012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\2373F9~1.EXE > nul
    3⤵
    PID:4576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2373F9~1.EXE > nul
  2⤵
  PID:232

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe

Filesize
45KB

MD5
2373f9a4bd6afab0bb66a6eaa901b683

SHA1
04aa2f495e1ec539f53d699939637dc380614c64

SHA256
91965dc6502bf9537cc5ffbb07712eb5b1a4c7c65b740ed923e5b9bdd5764084

SHA512
905762a6953307525be2b5e1fd5cb596a40642f61b4fa1d24b802e438bbfb320833bf38fd33a2a44f76ee80ee26d12add01d63880875fba67c9c6ee57250fe1e

Download Submit
memory/216-524-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/216-501-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/412-155-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/412-157-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/440-105-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/452-161-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/452-107-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/552-10-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/552-160-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/788-523-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/912-493-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/924-481-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1068-88-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1068-84-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1216-500-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1216-26-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1324-128-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1372-156-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1420-49-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1448-121-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1528-63-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1532-148-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1532-146-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1604-44-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1636-152-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1652-118-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1652-114-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1744-42-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1744-46-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1844-137-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1844-134-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/1972-513-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2072-113-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2088-24-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2088-20-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2092-28-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2132-487-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2216-64-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2216-69-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2240-119-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2240-123-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2272-154-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2284-488-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2312-67-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2312-71-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2380-99-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2380-158-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2432-125-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2480-95-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2480-91-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2552-81-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2576-512-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2604-16-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2604-11-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2640-73-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2720-143-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2720-138-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2756-475-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2756-498-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2860-39-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/2864-34-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3016-51-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3016-47-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3068-6-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3068-0-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3112-486-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3200-77-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3216-504-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3280-103-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3304-126-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3304-131-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3324-37-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3352-477-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3360-502-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3376-516-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3400-145-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3400-141-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3484-150-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3524-496-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3576-133-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3576-129-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3628-492-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3756-506-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3916-54-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3964-29-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3964-33-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3984-55-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/3984-59-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4000-90-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4028-517-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4072-31-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4080-57-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4080-52-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4116-83-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4164-519-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4204-97-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4228-79-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4244-151-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4252-101-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4260-66-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4300-478-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4404-8-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4412-22-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4412-17-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4424-13-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4504-61-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4576-479-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4600-140-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4632-93-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4644-490-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4716-505-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4720-153-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4720-86-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4780-116-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4796-75-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4836-41-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4856-149-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4860-14-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4860-19-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4980-159-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4992-109-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/4996-111-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5084-491-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5252-489-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5272-503-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5556-521-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5812-494-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5824-520-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/5944-497-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6032-485-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6164-510-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6328-514-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6840-518-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6844-495-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6856-508-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6916-480-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/6920-511-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/7056-507-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/7056-515-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/7116-509-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/7120-522-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download
memory/7132-499-0x0000000000400000-0x000000000044A200-memory.dmp

Filesize
296KB

Download

description	ioc	Process
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe	2373f9a4bd6afab0bb66a6eaa901b683_JaffaCakes118.exe