703f0cd56e7d4c8d230ad7730ee52f79e822e3287012e4c8a0a6af5b35e5972d

Analysis

max time kernel
136s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll
Size

159KB
MD5

6aaa51456ad5912d29ea2738bae4ee43
SHA1

4984bacf3e1d29e349d31fc16afc737099cae765
SHA256

703f0cd56e7d4c8d230ad7730ee52f79e822e3287012e4c8a0a6af5b35e5972d
SHA512

64785668251fc704cc0f5f9f546564bb08c0395b03bffcd56844ae39de8a9afaa614fc1182ce34f601ec6d667ab75828088276b722d5e24ca12f00f06a90ab07
SSDEEP

3072:3pR/j8Mui4vNaJZEVU67FC52k99geYK4W6mHHvv7VCirTcmSt:5ecdZElQ52klB4WLH778t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 548	3568	rundll32.exe	84
PID 3568 wrote to memory of 548	3568	rundll32.exe	84
PID 3568 wrote to memory of 548	3568	rundll32.exe	84
PID 548 wrote to memory of 2600	548	rundll32.exe	85
PID 548 wrote to memory of 2600	548	rundll32.exe	85
PID 548 wrote to memory of 2600	548	rundll32.exe	85
PID 2600 wrote to memory of 4728	2600	rundll32.exe	86
PID 2600 wrote to memory of 4728	2600	rundll32.exe	86
PID 2600 wrote to memory of 4728	2600	rundll32.exe	86
PID 4728 wrote to memory of 1244	4728	rundll32.exe	87
PID 4728 wrote to memory of 1244	4728	rundll32.exe	87
PID 4728 wrote to memory of 1244	4728	rundll32.exe	87
PID 1244 wrote to memory of 1060	1244	rundll32.exe	88
PID 1244 wrote to memory of 1060	1244	rundll32.exe	88
PID 1244 wrote to memory of 1060	1244	rundll32.exe	88
PID 1060 wrote to memory of 3804	1060	rundll32.exe	89
PID 1060 wrote to memory of 3804	1060	rundll32.exe	89
PID 1060 wrote to memory of 3804	1060	rundll32.exe	89
PID 3804 wrote to memory of 1260	3804	rundll32.exe	90
PID 3804 wrote to memory of 1260	3804	rundll32.exe	90
PID 3804 wrote to memory of 1260	3804	rundll32.exe	90
PID 1260 wrote to memory of 3636	1260	rundll32.exe	91
PID 1260 wrote to memory of 3636	1260	rundll32.exe	91
PID 1260 wrote to memory of 3636	1260	rundll32.exe	91
PID 3636 wrote to memory of 1520	3636	rundll32.exe	92
PID 3636 wrote to memory of 1520	3636	rundll32.exe	92
PID 3636 wrote to memory of 1520	3636	rundll32.exe	92
PID 1520 wrote to memory of 3096	1520	rundll32.exe	93
PID 1520 wrote to memory of 3096	1520	rundll32.exe	93
PID 1520 wrote to memory of 3096	1520	rundll32.exe	93
PID 3096 wrote to memory of 512	3096	rundll32.exe	94
PID 3096 wrote to memory of 512	3096	rundll32.exe	94
PID 3096 wrote to memory of 512	3096	rundll32.exe	94
PID 512 wrote to memory of 2308	512	rundll32.exe	95
PID 512 wrote to memory of 2308	512	rundll32.exe	95
PID 512 wrote to memory of 2308	512	rundll32.exe	95
PID 2308 wrote to memory of 3616	2308	rundll32.exe	97
PID 2308 wrote to memory of 3616	2308	rundll32.exe	97
PID 2308 wrote to memory of 3616	2308	rundll32.exe	97
PID 3616 wrote to memory of 1380	3616	rundll32.exe	98
PID 3616 wrote to memory of 1380	3616	rundll32.exe	98
PID 3616 wrote to memory of 1380	3616	rundll32.exe	98
PID 1380 wrote to memory of 4736	1380	rundll32.exe	99
PID 1380 wrote to memory of 4736	1380	rundll32.exe	99
PID 1380 wrote to memory of 4736	1380	rundll32.exe	99
PID 4736 wrote to memory of 3484	4736	rundll32.exe	100
PID 4736 wrote to memory of 3484	4736	rundll32.exe	100
PID 4736 wrote to memory of 3484	4736	rundll32.exe	100
PID 3484 wrote to memory of 4004	3484	rundll32.exe	101
PID 3484 wrote to memory of 4004	3484	rundll32.exe	101
PID 3484 wrote to memory of 4004	3484	rundll32.exe	101
PID 4004 wrote to memory of 3280	4004	rundll32.exe	102
PID 4004 wrote to memory of 3280	4004	rundll32.exe	102
PID 4004 wrote to memory of 3280	4004	rundll32.exe	102
PID 3280 wrote to memory of 3284	3280	rundll32.exe	103
PID 3280 wrote to memory of 3284	3280	rundll32.exe	103
PID 3280 wrote to memory of 3284	3280	rundll32.exe	103
PID 3284 wrote to memory of 1848	3284	rundll32.exe	104
PID 3284 wrote to memory of 1848	3284	rundll32.exe	104
PID 3284 wrote to memory of 1848	3284	rundll32.exe	104
PID 1848 wrote to memory of 4632	1848	rundll32.exe	105
PID 1848 wrote to memory of 4632	1848	rundll32.exe	105
PID 1848 wrote to memory of 4632	1848	rundll32.exe	105
PID 4632 wrote to memory of 4296	4632	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4728
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1244
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:1260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:3636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:3096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:3616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        15⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:3484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:3280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        20⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:1848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:4632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        23⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        25⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        27⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        28⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        29⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        30⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        31⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        32⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        33⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        34⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        35⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        36⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        37⤵
        
        PID:852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        38⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        39⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        40⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        41⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        42⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        43⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        45⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        46⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        48⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        49⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        50⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        52⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        53⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        54⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        55⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        56⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        57⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        58⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        59⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        60⤵
        
        PID:212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        61⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        62⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        63⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        64⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        65⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        66⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        67⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        69⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        70⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        71⤵
        
        PID:848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        72⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        73⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        74⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        75⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        76⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        77⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        78⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        79⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        80⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        81⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        82⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        83⤵
        
        PID:964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        84⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        85⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        86⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        87⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        88⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        89⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        90⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        92⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        93⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        94⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        95⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        96⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        97⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        98⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        99⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        101⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        102⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        103⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        104⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        105⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        106⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        107⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        108⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        110⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        111⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        112⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        113⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        114⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        115⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        116⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        117⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        119⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        120⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        121⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        122⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        123⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        124⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        125⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        126⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        127⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        128⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        129⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        130⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        131⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        132⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        133⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        134⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        135⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        136⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        137⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        138⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        139⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        141⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        142⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        143⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        144⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        145⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        146⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        147⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        148⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        149⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        150⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        151⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        152⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        153⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        154⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        155⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        156⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        157⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        158⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        159⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        160⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        161⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        162⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        163⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        164⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        165⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        166⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        167⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        168⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        169⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        170⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        171⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        172⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        173⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        174⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        175⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        176⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        177⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        178⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        179⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        180⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        181⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        182⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        183⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        184⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        185⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        186⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        187⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        188⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        189⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        190⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        191⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        192⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        193⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        194⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        195⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:6792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        197⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        198⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        199⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:6904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        201⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        202⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        203⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        205⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        206⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        207⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        208⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        210⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        211⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        212⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        213⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        214⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        215⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        216⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        217⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        218⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        219⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        220⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        221⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        222⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        223⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        224⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        225⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        226⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        227⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        228⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        229⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        230⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        231⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        232⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        233⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        234⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        235⤵
        System Location Discovery: System Language Discovery
        
        PID:7564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        236⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        237⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        238⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        239⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        240⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        241⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:7672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        243⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        244⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        245⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        246⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        247⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        248⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        249⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        250⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:7812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        252⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        253⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        254⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        255⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        256⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        257⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        258⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        259⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        260⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        261⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        262⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        263⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        264⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        265⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        266⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        267⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        268⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        269⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        270⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        271⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        272⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        273⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        274⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        275⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        276⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        277⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        278⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        279⤵
        
        PID:720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        280⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        281⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        282⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        283⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        284⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        285⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        286⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        287⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        288⤵
        System Location Discovery: System Language Discovery
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        289⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        290⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        291⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        292⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        293⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        294⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        295⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        296⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        297⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        298⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        299⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        300⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        301⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        302⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        303⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        304⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        305⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        306⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        307⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        308⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        309⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        310⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        311⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        312⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        313⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        314⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        315⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        316⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        317⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        318⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        319⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        320⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        321⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        322⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        323⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        324⤵
        System Location Discovery: System Language Discovery
        
        PID:8836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        325⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        326⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        327⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        328⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        329⤵
        System Location Discovery: System Language Discovery
        
        PID:8912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        330⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        331⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        332⤵
        System Location Discovery: System Language Discovery
        
        PID:8960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        333⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        334⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        335⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        336⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        337⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        338⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        339⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        340⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        341⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        342⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        343⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        344⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        345⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        346⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        347⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        348⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        349⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        350⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        351⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        352⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        353⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        354⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        355⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        356⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        357⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        358⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        359⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        360⤵
        System Location Discovery: System Language Discovery
        
        PID:9388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        361⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        362⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        363⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        364⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        365⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        366⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        367⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        368⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        369⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        370⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        371⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        372⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        373⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        374⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        375⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        376⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        377⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        378⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        379⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        380⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        381⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        382⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        383⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        384⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        385⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        386⤵
        System Location Discovery: System Language Discovery
        
        PID:9780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        387⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        388⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        389⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        390⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        391⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        392⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        393⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        394⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        395⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        396⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        397⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        398⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        399⤵
        System Location Discovery: System Language Discovery
        
        PID:9968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        400⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        401⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        402⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        403⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        404⤵
        System Location Discovery: System Language Discovery
        
        PID:10040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        405⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        406⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        407⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        408⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        409⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        410⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        411⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        412⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        413⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        414⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        415⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        416⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        417⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        418⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        419⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        420⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        421⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        422⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        423⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        424⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        425⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        426⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        427⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        428⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        429⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        430⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        431⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        432⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        433⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        434⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        435⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        436⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        437⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        438⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        439⤵
        System Location Discovery: System Language Discovery
        
        PID:10596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        440⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        441⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        442⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        443⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        444⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        445⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        446⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        447⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        448⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        449⤵
        System Location Discovery: System Language Discovery
        
        PID:10864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        450⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        451⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        452⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        453⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        454⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        455⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        456⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        457⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        458⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        459⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        460⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        461⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        462⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        463⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        464⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        465⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        466⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        467⤵
        System Location Discovery: System Language Discovery
        
        PID:11124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        468⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        469⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        470⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        471⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        472⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        473⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        475⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        476⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        477⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        478⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        479⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        480⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        481⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        482⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        483⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        484⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        485⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        486⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        487⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        488⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        489⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        490⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        491⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        492⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        493⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        494⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        495⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        496⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        497⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        498⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        499⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        500⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        501⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        502⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        503⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        504⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        505⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        506⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        507⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        508⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        509⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        510⤵
        System Location Discovery: System Language Discovery
        
        PID:11756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        511⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        512⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        513⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        514⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        515⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        516⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        517⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        518⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        519⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        520⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        521⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        522⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        523⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        524⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        525⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        526⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        527⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        528⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        529⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        530⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        531⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        532⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        533⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        534⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        535⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        536⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        537⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        538⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        539⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        540⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        541⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        542⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        543⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        544⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        545⤵
        
        PID:224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        546⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        547⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        548⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        549⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        550⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        551⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        552⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        553⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        554⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        555⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        556⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        557⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        558⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        559⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        560⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        561⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        562⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        563⤵
        System Location Discovery: System Language Discovery
        
        PID:12524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        564⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        565⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        566⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        567⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        568⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        569⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        570⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        571⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        572⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        573⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        574⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        575⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        576⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        577⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        578⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        579⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        580⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        581⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        582⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        583⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        584⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        585⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        586⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        587⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        588⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        589⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        590⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        591⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        592⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        593⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        594⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        595⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        596⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        597⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        598⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        599⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        600⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        601⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        602⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        603⤵
        System Location Discovery: System Language Discovery
        
        PID:13200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        604⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        605⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        606⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        607⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        608⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        609⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        610⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        611⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        612⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        613⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        614⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        615⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        616⤵
        
        PID:624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        617⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        618⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        619⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        620⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        621⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        622⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        623⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        624⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        625⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        626⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        627⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        628⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        629⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        630⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        631⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        632⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        633⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        634⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        635⤵
        System Location Discovery: System Language Discovery
        
        PID:13592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        636⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        637⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        638⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        639⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        640⤵
        System Location Discovery: System Language Discovery
        
        PID:13672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        641⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        642⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        643⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        644⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        645⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        646⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        647⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        648⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:13796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        650⤵
        
        PID:13812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        651⤵
        System Location Discovery: System Language Discovery
        
        PID:13828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        652⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        653⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        654⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        655⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        656⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        657⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        658⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        659⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        660⤵
        System Location Discovery: System Language Discovery
        
        PID:13960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        661⤵
        
        PID:13976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        662⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        663⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        664⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        665⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        666⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        667⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        668⤵
        
        PID:14084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        669⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        670⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        671⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        672⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        673⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        674⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        675⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        676⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        677⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        678⤵
        
        PID:14244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        679⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        680⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        681⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        682⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        683⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        684⤵
        System Location Discovery: System Language Discovery
        
        PID:12984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        685⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        686⤵
        
        PID:14348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        687⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        688⤵
        
        PID:14376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        689⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        690⤵
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        691⤵
        
        PID:14428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        692⤵
        
        PID:14444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        693⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        694⤵
        
        PID:14468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        695⤵
        
        PID:14484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        696⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        697⤵
        
        PID:14516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        698⤵
        
        PID:14528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        699⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        700⤵
        
        PID:14552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        701⤵
        
        PID:14572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        702⤵
        
        PID:14588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        703⤵
        
        PID:14600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        704⤵
        
        PID:14620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        705⤵
        
        PID:14636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        706⤵
        System Location Discovery: System Language Discovery
        
        PID:14652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        707⤵
        
        PID:14664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        708⤵
        
        PID:14680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        709⤵
        
        PID:14696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        710⤵
        
        PID:14712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        711⤵
        
        PID:14728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        712⤵
        
        PID:14740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        713⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        714⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        715⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        716⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        717⤵
        System Location Discovery: System Language Discovery
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        718⤵
        System Location Discovery: System Language Discovery
        
        PID:14824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        719⤵
        
        PID:14844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        720⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        721⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        722⤵
        
        PID:14888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        723⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        724⤵
        
        PID:14920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        725⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        726⤵
        
        PID:14948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        727⤵
        
        PID:14960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        728⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        729⤵
        
        PID:14988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        730⤵
        
        PID:15004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        731⤵
        
        PID:15020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        732⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        733⤵
        
        PID:15052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        734⤵
        
        PID:15068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        735⤵
        
        PID:15084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        736⤵
        
        PID:15096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        737⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        738⤵
        
        PID:15128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        739⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        740⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        741⤵
        
        PID:15176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        742⤵
        
        PID:15188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        743⤵
        System Location Discovery: System Language Discovery
        
        PID:15200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        744⤵
        
        PID:15216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        745⤵
        
        PID:15232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        746⤵
        
        PID:15248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        747⤵
        
        PID:15264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        748⤵
        
        PID:15276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        749⤵
        
        PID:15292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        750⤵
        
        PID:15304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        751⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        752⤵
        
        PID:15340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        753⤵
        
        PID:15356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        754⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        755⤵
        
        PID:15384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        756⤵
        
        PID:15404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        757⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        758⤵
        
        PID:15436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        759⤵
        
        PID:15452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        760⤵
        
        PID:15468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        761⤵
        
        PID:15484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        762⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        763⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        764⤵
        
        PID:15532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        765⤵
        System Location Discovery: System Language Discovery
        
        PID:15548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        766⤵
        
        PID:15564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        767⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        768⤵
        
        PID:15592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        769⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        770⤵
        System Location Discovery: System Language Discovery
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        771⤵
        System Location Discovery: System Language Discovery
        
        PID:15636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        772⤵
        
        PID:15652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        773⤵
        System Location Discovery: System Language Discovery
        
        PID:15664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        774⤵
        
        PID:15680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        775⤵
        
        PID:15696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        776⤵
        
        PID:15708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        777⤵
        
        PID:15724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        778⤵
        
        PID:15740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        779⤵
        
        PID:15756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        780⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        781⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        782⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        783⤵
        
        PID:15820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        784⤵
        
        PID:15836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        785⤵
        
        PID:15852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        786⤵
        
        PID:15868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        787⤵
        
        PID:15880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        788⤵
        
        PID:15900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        789⤵
        
        PID:15916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        790⤵
        
        PID:15932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        791⤵
        System Location Discovery: System Language Discovery
        
        PID:15948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        792⤵
        
        PID:15964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        793⤵
        
        PID:15976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        794⤵
        
        PID:15988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        795⤵
        
        PID:16008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        796⤵
        
        PID:16040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        797⤵
        
        PID:16056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        798⤵
        
        PID:16072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        799⤵
        
        PID:16088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        800⤵
        
        PID:16104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        801⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        802⤵
        
        PID:16136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        803⤵
        
        PID:16148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        804⤵
        
        PID:16160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        805⤵
        
        PID:16172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        806⤵
        
        PID:16188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        807⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        808⤵
        
        PID:16216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        809⤵
        
        PID:16228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        810⤵
        
        PID:16240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        811⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        812⤵
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        813⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        814⤵
        
        PID:16296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        815⤵
        System Location Discovery: System Language Discovery
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        816⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        817⤵
        
        PID:16336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        818⤵
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        819⤵
        
        PID:16368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        820⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        821⤵
        
        PID:668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        822⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        823⤵
        
        PID:16388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        824⤵
        
        PID:16400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        825⤵
        
        PID:16416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        826⤵
        
        PID:16432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        827⤵
        System Location Discovery: System Language Discovery
        
        PID:16448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        828⤵
        
        PID:16460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        829⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        830⤵
        
        PID:16492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        831⤵
        System Location Discovery: System Language Discovery
        
        PID:16508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        832⤵
        
        PID:16528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        833⤵
        
        PID:16544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        834⤵
        
        PID:16560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        835⤵
        
        PID:16572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        836⤵
        
        PID:16588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        837⤵
        
        PID:16600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        838⤵
        System Location Discovery: System Language Discovery
        
        PID:16616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        839⤵
        
        PID:16632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        840⤵
        
        PID:16648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        841⤵
        
        PID:16660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        842⤵
        
        PID:16676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        843⤵
        
        PID:16688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        844⤵
        
        PID:16704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        845⤵
        
        PID:16716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        846⤵
        
        PID:16732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        847⤵
        
        PID:16748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        848⤵
        
        PID:16764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        849⤵
        
        PID:16776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        850⤵
        
        PID:16792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        851⤵
        System Location Discovery: System Language Discovery
        
        PID:16804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        852⤵
        
        PID:16820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        853⤵
        
        PID:16832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        854⤵
        
        PID:16848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        855⤵
        
        PID:16868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        856⤵
        
        PID:16884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        857⤵
        
        PID:16900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        858⤵
        System Location Discovery: System Language Discovery
        
        PID:16916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        859⤵
        
        PID:16932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        860⤵
        
        PID:16948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        861⤵
        
        PID:16964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        862⤵
        
        PID:16980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        863⤵
        
        PID:16992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        864⤵
        
        PID:17004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        865⤵
        System Location Discovery: System Language Discovery
        
        PID:17016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        866⤵
        
        PID:17032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        867⤵
        
        PID:17048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        868⤵
        
        PID:17064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        869⤵
        
        PID:17080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        870⤵
        
        PID:17096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        871⤵
        
        PID:17112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        872⤵
        
        PID:17128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        873⤵
        
        PID:17140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        874⤵
        
        PID:17152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        875⤵
        
        PID:17168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        876⤵
        
        PID:17180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        877⤵
        
        PID:17192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        878⤵
        
        PID:17204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        879⤵
        
        PID:17220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        880⤵
        
        PID:17236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        881⤵
        
        PID:17248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        882⤵
        
        PID:17260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\6aaa51456ad5912d29ea2738bae4ee43_JaffaCakes118.dll,#1
        883⤵
        
        PID:17280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/17220-2-0x0000000075530000-0x00000000757B4000-memory.dmp

Filesize
2.5MB

Download
memory/17236-1-0x0000000075530000-0x00000000757B4000-memory.dmp

Filesize
2.5MB

Download
memory/17248-0-0x0000000075530000-0x00000000757B4000-memory.dmp

Filesize
2.5MB

Download