90c6ab0c36bdfdd2d3e9d0982635b988f08f1b60657610abe3c133de575e6e9f

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 20:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll
Size

229KB
MD5

758a928b4d0c698644e101f32acfe2ef
SHA1

41799451b6476b28defdb16d16ae2da061bb3a1b
SHA256

90c6ab0c36bdfdd2d3e9d0982635b988f08f1b60657610abe3c133de575e6e9f
SHA512

30dc301c0824e93897e9ddbb8445f271b75aeb32c666d06b4709a61d7d26e031ec21975486081558b58f9fe6b3919d7c000403f0d20711ac347eaf63f2d5c85c
SSDEEP

6144:C0n4XCCluMxcG/gLZTn3MRU/7J2CI2DL4PYjnCqwd:NJH4w3YU/wQ4P8CPd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 5076	1528	rundll32.exe	83
PID 1528 wrote to memory of 5076	1528	rundll32.exe	83
PID 1528 wrote to memory of 5076	1528	rundll32.exe	83
PID 5076 wrote to memory of 2192	5076	rundll32.exe	84
PID 5076 wrote to memory of 2192	5076	rundll32.exe	84
PID 5076 wrote to memory of 2192	5076	rundll32.exe	84
PID 2192 wrote to memory of 1600	2192	rundll32.exe	85
PID 2192 wrote to memory of 1600	2192	rundll32.exe	85
PID 2192 wrote to memory of 1600	2192	rundll32.exe	85
PID 1600 wrote to memory of 5068	1600	rundll32.exe	86
PID 1600 wrote to memory of 5068	1600	rundll32.exe	86
PID 1600 wrote to memory of 5068	1600	rundll32.exe	86
PID 5068 wrote to memory of 5064	5068	rundll32.exe	87
PID 5068 wrote to memory of 5064	5068	rundll32.exe	87
PID 5068 wrote to memory of 5064	5068	rundll32.exe	87
PID 5064 wrote to memory of 2952	5064	rundll32.exe	88
PID 5064 wrote to memory of 2952	5064	rundll32.exe	88
PID 5064 wrote to memory of 2952	5064	rundll32.exe	88
PID 2952 wrote to memory of 388	2952	rundll32.exe	89
PID 2952 wrote to memory of 388	2952	rundll32.exe	89
PID 2952 wrote to memory of 388	2952	rundll32.exe	89
PID 388 wrote to memory of 1480	388	rundll32.exe	90
PID 388 wrote to memory of 1480	388	rundll32.exe	90
PID 388 wrote to memory of 1480	388	rundll32.exe	90
PID 1480 wrote to memory of 3544	1480	rundll32.exe	91
PID 1480 wrote to memory of 3544	1480	rundll32.exe	91
PID 1480 wrote to memory of 3544	1480	rundll32.exe	91
PID 3544 wrote to memory of 1908	3544	rundll32.exe	92
PID 3544 wrote to memory of 1908	3544	rundll32.exe	92
PID 3544 wrote to memory of 1908	3544	rundll32.exe	92
PID 1908 wrote to memory of 4212	1908	rundll32.exe	93
PID 1908 wrote to memory of 4212	1908	rundll32.exe	93
PID 1908 wrote to memory of 4212	1908	rundll32.exe	93
PID 4212 wrote to memory of 4192	4212	rundll32.exe	94
PID 4212 wrote to memory of 4192	4212	rundll32.exe	94
PID 4212 wrote to memory of 4192	4212	rundll32.exe	94
PID 4192 wrote to memory of 4340	4192	rundll32.exe	95
PID 4192 wrote to memory of 4340	4192	rundll32.exe	95
PID 4192 wrote to memory of 4340	4192	rundll32.exe	95
PID 4340 wrote to memory of 2504	4340	rundll32.exe	96
PID 4340 wrote to memory of 2504	4340	rundll32.exe	96
PID 4340 wrote to memory of 2504	4340	rundll32.exe	96
PID 2504 wrote to memory of 2628	2504	rundll32.exe	97
PID 2504 wrote to memory of 2628	2504	rundll32.exe	97
PID 2504 wrote to memory of 2628	2504	rundll32.exe	97
PID 2628 wrote to memory of 4208	2628	rundll32.exe	98
PID 2628 wrote to memory of 4208	2628	rundll32.exe	98
PID 2628 wrote to memory of 4208	2628	rundll32.exe	98
PID 4208 wrote to memory of 4768	4208	rundll32.exe	99
PID 4208 wrote to memory of 4768	4208	rundll32.exe	99
PID 4208 wrote to memory of 4768	4208	rundll32.exe	99
PID 4768 wrote to memory of 3664	4768	rundll32.exe	100
PID 4768 wrote to memory of 3664	4768	rundll32.exe	100
PID 4768 wrote to memory of 3664	4768	rundll32.exe	100
PID 3664 wrote to memory of 1720	3664	rundll32.exe	101
PID 3664 wrote to memory of 1720	3664	rundll32.exe	101
PID 3664 wrote to memory of 1720	3664	rundll32.exe	101
PID 1720 wrote to memory of 4852	1720	rundll32.exe	102
PID 1720 wrote to memory of 4852	1720	rundll32.exe	102
PID 1720 wrote to memory of 4852	1720	rundll32.exe	102
PID 4852 wrote to memory of 3252	4852	rundll32.exe	103
PID 4852 wrote to memory of 3252	4852	rundll32.exe	103
PID 4852 wrote to memory of 3252	4852	rundll32.exe	103
PID 3252 wrote to memory of 456	3252	rundll32.exe	104

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1600
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5068
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:1480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:3544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:4212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:4192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:2504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:4208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        19⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:1720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:3252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        23⤵
        
        PID:456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        24⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        26⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        27⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        28⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        29⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        30⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        31⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        32⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        33⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        34⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        35⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        36⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        39⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        40⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        41⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        42⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        43⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        44⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        45⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        46⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        47⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        48⤵
        
        PID:440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        49⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        50⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        51⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        52⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        53⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        54⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        55⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        56⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        57⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        58⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        59⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        60⤵
        
        PID:396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        61⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        62⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        63⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        64⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        65⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        66⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        67⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        68⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        69⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        70⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        71⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        72⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        73⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        74⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        75⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        76⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        77⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        78⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        80⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        81⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        83⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        84⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        85⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        86⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        87⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        88⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        90⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        91⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        92⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        93⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        94⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        95⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        96⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        97⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        98⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        99⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        100⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        101⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        102⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        103⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        104⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        105⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        106⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        107⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        108⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        109⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        110⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        111⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        112⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        113⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        114⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        115⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        116⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        117⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        118⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        119⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        120⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        121⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        122⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        123⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        124⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        125⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        126⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        127⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        128⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        129⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        130⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        131⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        132⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        133⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        134⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        135⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        136⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:5880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        139⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        140⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        141⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        142⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        143⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        144⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        145⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        146⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        147⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        148⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        149⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        150⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        151⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        152⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        153⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        154⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        155⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        156⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        157⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        158⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        159⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        160⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        161⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        162⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        163⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        164⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        165⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        166⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        167⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        168⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        169⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        170⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        171⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        172⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        173⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        174⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        175⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:6376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        177⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        178⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        179⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        180⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        181⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        182⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        183⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:6584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        185⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        186⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        187⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        188⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        189⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        190⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        191⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        192⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        193⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        194⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        195⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        196⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        197⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        198⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        199⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        200⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        201⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        202⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        203⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        204⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        205⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        206⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        207⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        208⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        209⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        211⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        212⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        213⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        214⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        215⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        216⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        217⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        218⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        219⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        220⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        222⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:7200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        224⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        225⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        226⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        227⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        228⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        229⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        230⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        231⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        232⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        233⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        234⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        235⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        236⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        237⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        238⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        239⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        240⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        241⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        242⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        243⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        244⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        245⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        246⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        247⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        248⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        249⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        250⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        251⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        252⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        253⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        254⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        255⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        256⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        257⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        258⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        259⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        260⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        261⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        262⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        263⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        264⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        265⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        266⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        267⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        268⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        269⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        270⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        271⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        272⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        273⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        274⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        275⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        276⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        277⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        278⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        279⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        280⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        281⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        282⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        283⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        284⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        285⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        286⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        287⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        288⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        289⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        290⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        291⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        292⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        293⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        294⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        295⤵
        System Location Discovery: System Language Discovery
        
        PID:8224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        296⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        297⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        298⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        299⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        300⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        301⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        302⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        303⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        304⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        305⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        306⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        307⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        308⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        309⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        310⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        311⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        312⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        313⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        314⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        315⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        316⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        317⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        318⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        319⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        320⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        321⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        322⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        323⤵
        System Location Discovery: System Language Discovery
        
        PID:8636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        324⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        325⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        326⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        327⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        328⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        329⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        330⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        331⤵
        System Location Discovery: System Language Discovery
        
        PID:8764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        332⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        333⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        334⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        335⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        336⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        337⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        338⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        339⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        340⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        341⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        342⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        343⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        344⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        345⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        346⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        347⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        348⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        349⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        350⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        351⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        352⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        353⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        354⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        355⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        356⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        357⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        358⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        359⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        360⤵
        System Location Discovery: System Language Discovery
        
        PID:9328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        361⤵
        System Location Discovery: System Language Discovery
        
        PID:9344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        362⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        363⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        364⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        365⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        366⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        367⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        368⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        369⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        370⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        371⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        372⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        373⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        374⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        375⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        376⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        377⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        378⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        379⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        380⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        381⤵
        System Location Discovery: System Language Discovery
        
        PID:9652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        382⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        383⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        384⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        385⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        386⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        387⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        388⤵
        System Location Discovery: System Language Discovery
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        389⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        390⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        391⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        392⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        393⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        394⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        395⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        396⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        397⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        398⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        399⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        400⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        401⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        402⤵
        System Location Discovery: System Language Discovery
        
        PID:10012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        403⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        404⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        405⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        406⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        407⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        408⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        409⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        410⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        411⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        412⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        413⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        414⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        415⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        416⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        417⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        418⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        419⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        420⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        421⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        422⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        423⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        424⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        425⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        426⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        427⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        428⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        429⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        430⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        431⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        432⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        433⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        434⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        435⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        436⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        437⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        438⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        439⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        440⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        441⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        442⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        443⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        444⤵
        System Location Discovery: System Language Discovery
        
        PID:10664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        445⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        446⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        447⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        448⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        449⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        450⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        451⤵
        System Location Discovery: System Language Discovery
        
        PID:10792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        452⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        453⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        454⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        455⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        456⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        457⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        458⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        459⤵
        System Location Discovery: System Language Discovery
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        460⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        461⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        462⤵
        System Location Discovery: System Language Discovery
        
        PID:10980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        463⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        464⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        465⤵
        System Location Discovery: System Language Discovery
        
        PID:11024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        466⤵
        System Location Discovery: System Language Discovery
        
        PID:11040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        467⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        468⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        469⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        470⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        471⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        472⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        473⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        474⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        475⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        476⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        477⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        478⤵
        System Location Discovery: System Language Discovery
        
        PID:11216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        479⤵
        System Location Discovery: System Language Discovery
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        480⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        481⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        482⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        483⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        484⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        485⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        486⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        487⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        488⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        489⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        490⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        491⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        492⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        493⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        494⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        495⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        496⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        497⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        498⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        499⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        500⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        501⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        502⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        503⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        504⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        505⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        506⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        507⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        508⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        509⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        510⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        511⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        512⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        513⤵
        System Location Discovery: System Language Discovery
        
        PID:11676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        514⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        515⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        516⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        517⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        518⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        519⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        520⤵
        System Location Discovery: System Language Discovery
        
        PID:11792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:11808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        522⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        523⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        524⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        525⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        526⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        527⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        528⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        529⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        530⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        531⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        532⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        533⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        534⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        535⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        536⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        537⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        538⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        539⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        540⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        541⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        542⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        543⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        544⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        545⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        546⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        547⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        548⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        549⤵
        System Location Discovery: System Language Discovery
        
        PID:12244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        550⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        551⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        552⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        553⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        554⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        555⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        556⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        557⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        558⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        559⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        560⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        561⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        562⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        563⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        564⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        565⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        566⤵
        System Location Discovery: System Language Discovery
        
        PID:12472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        567⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        568⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        569⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        570⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        571⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        572⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        573⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        574⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        575⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        576⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        577⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        578⤵
        System Location Discovery: System Language Discovery
        
        PID:12656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        579⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        580⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        581⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        582⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        583⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        584⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        585⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        586⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        587⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        588⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        589⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        590⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        591⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        592⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        593⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        594⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        595⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        596⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        597⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        598⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        599⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        600⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        601⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        602⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        603⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        604⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        605⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        606⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        607⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        608⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        609⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        610⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        611⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        612⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        613⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        614⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        615⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        616⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        617⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        618⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        619⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        620⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        621⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        622⤵
        System Location Discovery: System Language Discovery
        
        PID:13332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        623⤵
        
        PID:13348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        624⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        625⤵
        
        PID:13380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        626⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        627⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        628⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        629⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        630⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        631⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        632⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        633⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        634⤵
        System Location Discovery: System Language Discovery
        
        PID:13520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        635⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        636⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        637⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        638⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        639⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        640⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        641⤵
        System Location Discovery: System Language Discovery
        
        PID:13628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        642⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        643⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        644⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        645⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        646⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        647⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        648⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        649⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        650⤵
        
        PID:13776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        651⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        652⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        653⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        654⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        655⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        656⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        657⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        658⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        659⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        660⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        661⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        662⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        663⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        664⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        665⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        666⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        667⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        668⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        669⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        670⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        671⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        672⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        673⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        674⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        675⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        676⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        677⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        678⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        679⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        680⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        681⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        682⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        683⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        684⤵
        
        PID:14296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        685⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        686⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        687⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        688⤵
        
        PID:14352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        689⤵
        
        PID:14368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        690⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        691⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        692⤵
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        693⤵
        
        PID:14428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        694⤵
        
        PID:14444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        695⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        696⤵
        
        PID:14472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        697⤵
        
        PID:14488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        698⤵
        
        PID:14508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        699⤵
        
        PID:14524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        700⤵
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        701⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        702⤵
        
        PID:14572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        703⤵
        
        PID:14588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        704⤵
        
        PID:14604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        705⤵
        
        PID:14620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        706⤵
        
        PID:14636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        707⤵
        
        PID:14648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        708⤵
        System Location Discovery: System Language Discovery
        
        PID:14664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        709⤵
        
        PID:14680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        710⤵
        
        PID:14700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        711⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        712⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        713⤵
        
        PID:14748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        714⤵
        
        PID:14764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        715⤵
        
        PID:14780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        716⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        717⤵
        System Location Discovery: System Language Discovery
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        718⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        719⤵
        
        PID:14848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        720⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        721⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        722⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        723⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        724⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        725⤵
        
        PID:14940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        726⤵
        
        PID:14952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        727⤵
        
        PID:14964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        728⤵
        
        PID:14980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        729⤵
        System Location Discovery: System Language Discovery
        
        PID:14992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        730⤵
        
        PID:15008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        731⤵
        
        PID:15024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        732⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        733⤵
        
        PID:15052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        734⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        735⤵
        
        PID:15080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        736⤵
        
        PID:15096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        737⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        738⤵
        
        PID:15128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        739⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        740⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        741⤵
        
        PID:15176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        742⤵
        
        PID:15188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        743⤵
        
        PID:15204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        744⤵
        System Location Discovery: System Language Discovery
        
        PID:15216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        745⤵
        
        PID:15236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        746⤵
        
        PID:15248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        747⤵
        
        PID:15264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        748⤵
        
        PID:15276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        749⤵
        System Location Discovery: System Language Discovery
        
        PID:15288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        750⤵
        
        PID:15304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        751⤵
        System Location Discovery: System Language Discovery
        
        PID:15320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        752⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        753⤵
        System Location Discovery: System Language Discovery
        
        PID:15348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        754⤵
        
        PID:14828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        755⤵
        
        PID:15372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        756⤵
        
        PID:15392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        757⤵
        
        PID:15408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        758⤵
        
        PID:15424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        759⤵
        
        PID:15444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        760⤵
        System Location Discovery: System Language Discovery
        
        PID:15456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        761⤵
        
        PID:15468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        762⤵
        
        PID:15480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        763⤵
        
        PID:15496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        764⤵
        
        PID:15512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        765⤵
        
        PID:15528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        766⤵
        
        PID:15540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        767⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        768⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        769⤵
        
        PID:15592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        770⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        771⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        772⤵
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        773⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        774⤵
        
        PID:15668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        775⤵
        
        PID:15680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        776⤵
        
        PID:15696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        777⤵
        
        PID:15712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        778⤵
        
        PID:15724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        779⤵
        
        PID:15736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        780⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        781⤵
        
        PID:15768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        782⤵
        
        PID:15784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        783⤵
        
        PID:15800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        784⤵
        
        PID:15816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        785⤵
        
        PID:15828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        786⤵
        
        PID:15844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        787⤵
        
        PID:15860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        788⤵
        
        PID:15872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        789⤵
        
        PID:15888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        790⤵
        
        PID:15900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        791⤵
        
        PID:15916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        792⤵
        
        PID:15928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        793⤵
        
        PID:15940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        794⤵
        
        PID:15956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        795⤵
        
        PID:15972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        796⤵
        
        PID:15988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        797⤵
        
        PID:16000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        798⤵
        
        PID:16020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        799⤵
        
        PID:16036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        800⤵
        
        PID:16052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        801⤵
        
        PID:16068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        802⤵
        
        PID:16084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        803⤵
        
        PID:16100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        804⤵
        
        PID:16116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        805⤵
        
        PID:16128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        806⤵
        System Location Discovery: System Language Discovery
        
        PID:16144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        807⤵
        
        PID:16160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        808⤵
        
        PID:16176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        809⤵
        
        PID:16192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        810⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        811⤵
        
        PID:16220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        812⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        813⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        814⤵
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        815⤵
        
        PID:16280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        816⤵
        
        PID:16296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        817⤵
        
        PID:16312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        818⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        819⤵
        
        PID:16336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        820⤵
        
        PID:16348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        821⤵
        
        PID:16364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        822⤵
        
        PID:16376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        823⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        824⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        825⤵
        
        PID:16388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        826⤵
        
        PID:16404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        827⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        828⤵
        
        PID:16432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        829⤵
        
        PID:16448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        830⤵
        System Location Discovery: System Language Discovery
        
        PID:16464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        831⤵
        
        PID:16480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        832⤵
        
        PID:16496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        833⤵
        
        PID:16512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        834⤵
        
        PID:16524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        835⤵
        
        PID:16540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        836⤵
        
        PID:16556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        837⤵
        
        PID:16572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        838⤵
        
        PID:16588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        839⤵
        
        PID:16604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        840⤵
        
        PID:16620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        841⤵
        
        PID:16636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        842⤵
        
        PID:16652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        843⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        844⤵
        
        PID:16684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        845⤵
        System Location Discovery: System Language Discovery
        
        PID:16700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        846⤵
        
        PID:16716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        847⤵
        
        PID:16732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        848⤵
        
        PID:16748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        849⤵
        
        PID:16764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        850⤵
        
        PID:16780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        851⤵
        System Location Discovery: System Language Discovery
        
        PID:16796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        852⤵
        
        PID:16808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        853⤵
        System Location Discovery: System Language Discovery
        
        PID:16828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        854⤵
        
        PID:16844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        855⤵
        
        PID:16860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        856⤵
        
        PID:16876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        857⤵
        
        PID:16892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        858⤵
        System Location Discovery: System Language Discovery
        
        PID:16908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        859⤵
        
        PID:16924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        860⤵
        System Location Discovery: System Language Discovery
        
        PID:16940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        861⤵
        
        PID:16956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        862⤵
        
        PID:16972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        863⤵
        
        PID:16988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        864⤵
        
        PID:17004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        865⤵
        
        PID:17020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        866⤵
        
        PID:17036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        867⤵
        
        PID:17048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        868⤵
        
        PID:17064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        869⤵
        
        PID:17080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        870⤵
        
        PID:17096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        871⤵
        
        PID:17112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        872⤵
        System Location Discovery: System Language Discovery
        
        PID:17128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        873⤵
        
        PID:17144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        874⤵
        
        PID:17160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        875⤵
        
        PID:17172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        876⤵
        
        PID:17192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        877⤵
        
        PID:17208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        878⤵
        
        PID:17224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        879⤵
        
        PID:17236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        880⤵
        
        PID:17248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        881⤵
        
        PID:17264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        882⤵
        
        PID:17280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\758a928b4d0c698644e101f32acfe2ef_JaffaCakes118.dll,#1
        883⤵
        
        PID:17300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/17236-1-0x00000000758C0000-0x0000000075B44000-memory.dmp

Filesize
2.5MB

Download
memory/17248-0-0x00000000758C0000-0x0000000075B44000-memory.dmp

Filesize
2.5MB

Download