68da9725a43db9fae1592e7e15165cd19f4f7f19ed10b3a825a996dc25bd6c22

Analysis

max time kernel
137s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll
Size

288KB
MD5

ac1e3ae93673911c7675f4d5773b2f8a
SHA1

29d21d5b5fbedf5b5111c415295124b44b7aaed9
SHA256

68da9725a43db9fae1592e7e15165cd19f4f7f19ed10b3a825a996dc25bd6c22
SHA512

2fb97b428cf5c0bf13e47a041b23994f8938e8346e53a5859689d8ee9fbda18078c34267f252f5fedae3c43cdc4ba5a7bd31e164b115ee0d727ad202f9bf2f1b
SSDEEP

6144:8fLKaAA11ig1hxgsjtXeEiPvyGTRVQuQrbtLqYiOiu5xa5uuq20R:8fLKaJ1Ig1hxgsjtuEiCKRVQuQrbxauB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 4788	3056	rundll32.exe	84
PID 3056 wrote to memory of 4788	3056	rundll32.exe	84
PID 3056 wrote to memory of 4788	3056	rundll32.exe	84
PID 4788 wrote to memory of 2224	4788	rundll32.exe	85
PID 4788 wrote to memory of 2224	4788	rundll32.exe	85
PID 4788 wrote to memory of 2224	4788	rundll32.exe	85
PID 2224 wrote to memory of 1096	2224	rundll32.exe	86
PID 2224 wrote to memory of 1096	2224	rundll32.exe	86
PID 2224 wrote to memory of 1096	2224	rundll32.exe	86
PID 1096 wrote to memory of 1008	1096	rundll32.exe	87
PID 1096 wrote to memory of 1008	1096	rundll32.exe	87
PID 1096 wrote to memory of 1008	1096	rundll32.exe	87
PID 1008 wrote to memory of 4964	1008	rundll32.exe	88
PID 1008 wrote to memory of 4964	1008	rundll32.exe	88
PID 1008 wrote to memory of 4964	1008	rundll32.exe	88
PID 4964 wrote to memory of 4212	4964	rundll32.exe	89
PID 4964 wrote to memory of 4212	4964	rundll32.exe	89
PID 4964 wrote to memory of 4212	4964	rundll32.exe	89
PID 4212 wrote to memory of 3740	4212	rundll32.exe	90
PID 4212 wrote to memory of 3740	4212	rundll32.exe	90
PID 4212 wrote to memory of 3740	4212	rundll32.exe	90
PID 3740 wrote to memory of 1860	3740	rundll32.exe	91
PID 3740 wrote to memory of 1860	3740	rundll32.exe	91
PID 3740 wrote to memory of 1860	3740	rundll32.exe	91
PID 1860 wrote to memory of 1696	1860	rundll32.exe	92
PID 1860 wrote to memory of 1696	1860	rundll32.exe	92
PID 1860 wrote to memory of 1696	1860	rundll32.exe	92
PID 1696 wrote to memory of 952	1696	rundll32.exe	93
PID 1696 wrote to memory of 952	1696	rundll32.exe	93
PID 1696 wrote to memory of 952	1696	rundll32.exe	93
PID 952 wrote to memory of 4056	952	rundll32.exe	94
PID 952 wrote to memory of 4056	952	rundll32.exe	94
PID 952 wrote to memory of 4056	952	rundll32.exe	94
PID 4056 wrote to memory of 5040	4056	rundll32.exe	95
PID 4056 wrote to memory of 5040	4056	rundll32.exe	95
PID 4056 wrote to memory of 5040	4056	rundll32.exe	95
PID 5040 wrote to memory of 2412	5040	rundll32.exe	96
PID 5040 wrote to memory of 2412	5040	rundll32.exe	96
PID 5040 wrote to memory of 2412	5040	rundll32.exe	96
PID 2412 wrote to memory of 4440	2412	rundll32.exe	97
PID 2412 wrote to memory of 4440	2412	rundll32.exe	97
PID 2412 wrote to memory of 4440	2412	rundll32.exe	97
PID 4440 wrote to memory of 4904	4440	rundll32.exe	98
PID 4440 wrote to memory of 4904	4440	rundll32.exe	98
PID 4440 wrote to memory of 4904	4440	rundll32.exe	98
PID 4904 wrote to memory of 768	4904	rundll32.exe	99
PID 4904 wrote to memory of 768	4904	rundll32.exe	99
PID 4904 wrote to memory of 768	4904	rundll32.exe	99
PID 768 wrote to memory of 892	768	rundll32.exe	100
PID 768 wrote to memory of 892	768	rundll32.exe	100
PID 768 wrote to memory of 892	768	rundll32.exe	100
PID 892 wrote to memory of 4516	892	rundll32.exe	101
PID 892 wrote to memory of 4516	892	rundll32.exe	101
PID 892 wrote to memory of 4516	892	rundll32.exe	101
PID 4516 wrote to memory of 1204	4516	rundll32.exe	102
PID 4516 wrote to memory of 1204	4516	rundll32.exe	102
PID 4516 wrote to memory of 1204	4516	rundll32.exe	102
PID 1204 wrote to memory of 1236	1204	rundll32.exe	103
PID 1204 wrote to memory of 1236	1204	rundll32.exe	103
PID 1204 wrote to memory of 1236	1204	rundll32.exe	103
PID 1236 wrote to memory of 2300	1236	rundll32.exe	104
PID 1236 wrote to memory of 2300	1236	rundll32.exe	104
PID 1236 wrote to memory of 2300	1236	rundll32.exe	104
PID 2300 wrote to memory of 5020	2300	rundll32.exe	105

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4788
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1096
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1008
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:4212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:1860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:4056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:5040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        20⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:1236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        23⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        24⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        25⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        26⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        27⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        28⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        29⤵
        
        PID:932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        30⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        32⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        33⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        34⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        35⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        36⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        37⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        38⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        39⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        40⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        41⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        42⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        43⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        44⤵
        
        PID:812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        45⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        46⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        47⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        48⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        49⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        50⤵
        
        PID:456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        51⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        52⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        53⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        54⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        55⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        56⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        57⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        58⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        59⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        60⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        61⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        62⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        63⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        64⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        65⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        66⤵
        
        PID:348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        67⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        68⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        69⤵
        
        PID:944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        70⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        71⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        72⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        73⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        75⤵
        
        PID:464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        76⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        77⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        78⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        79⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        80⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        81⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        82⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        83⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        84⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        85⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        86⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        87⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        88⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        89⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        90⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        91⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        92⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        93⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        94⤵
        
        PID:220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        95⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        97⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        98⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        99⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        100⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        101⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        102⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        103⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        104⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        105⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        107⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        109⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        110⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        111⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        112⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        113⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        114⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        115⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        116⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        117⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        118⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        119⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        120⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        121⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        122⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        123⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        124⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        125⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        126⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        127⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        128⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        129⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        130⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        131⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        132⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        133⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        134⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        135⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        136⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        137⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        138⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        139⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        140⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        141⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        142⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        143⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        144⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        145⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        146⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        147⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        148⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        149⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        150⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        151⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        152⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        153⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        154⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        155⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        156⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        157⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        158⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        160⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        161⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        162⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        163⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        164⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        165⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        166⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        167⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        168⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        169⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        170⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        171⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        172⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        173⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        174⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        175⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        176⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        177⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        178⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        179⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        180⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        181⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        182⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        183⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:6564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        187⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        188⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        189⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        190⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        191⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        192⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        193⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        194⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        195⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        196⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        198⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        199⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        200⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        201⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        202⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        203⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        204⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        205⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        206⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        207⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        208⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        209⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        210⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        211⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        212⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        213⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        214⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        215⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:7196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        217⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        218⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        219⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        220⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        221⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        222⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        223⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:7324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        225⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        226⤵
        System Location Discovery: System Language Discovery
        
        PID:7356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        227⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        228⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        229⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        230⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        231⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        232⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        233⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        234⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        235⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        236⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        237⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        238⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        239⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        240⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        241⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        243⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        244⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        245⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        246⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        247⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        248⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        249⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        250⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        252⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        253⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        254⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        255⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        256⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        257⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        258⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        259⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        260⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        261⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        262⤵
        System Location Discovery: System Language Discovery
        
        PID:7916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        263⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        264⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        265⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        266⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        267⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        268⤵
        System Location Discovery: System Language Discovery
        
        PID:8012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        269⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        270⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        271⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        272⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        273⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        274⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        275⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        276⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        277⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        278⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        279⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        280⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        281⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        282⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        283⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        284⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        285⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        286⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        287⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        288⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        289⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        290⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        291⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        292⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        293⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        294⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        295⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        296⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        297⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        298⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        299⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        300⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        301⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        302⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        303⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        304⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        305⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        306⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:8504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        308⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        309⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        310⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        311⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        312⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        313⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        314⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        315⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        316⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        317⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        318⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        319⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        320⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        321⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        322⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        323⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        324⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        325⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        326⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        327⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        328⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        329⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        330⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        331⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        332⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        333⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        334⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        335⤵
        System Location Discovery: System Language Discovery
        
        PID:8932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        336⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        337⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        338⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        339⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        340⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        341⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        342⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        343⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        344⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        345⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        346⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        347⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        348⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        349⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        350⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        351⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        352⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        353⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        354⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        355⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        356⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        357⤵
        System Location Discovery: System Language Discovery
        
        PID:9360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        358⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        359⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        360⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        361⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        362⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        363⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        364⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        365⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        366⤵
        System Location Discovery: System Language Discovery
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        367⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        368⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        369⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        370⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        371⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        372⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        373⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        374⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        375⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        376⤵
        System Location Discovery: System Language Discovery
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        377⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        378⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        379⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        380⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        381⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        382⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        383⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        384⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        385⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        386⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        387⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        388⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        389⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        390⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        391⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        392⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        393⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        394⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        395⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        396⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        397⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        398⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        399⤵
        System Location Discovery: System Language Discovery
        
        PID:10056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        400⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        401⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        402⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        403⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        404⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        405⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        406⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        407⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        408⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        409⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        410⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        411⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        412⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        413⤵
        System Location Discovery: System Language Discovery
        
        PID:10264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        414⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        415⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        416⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        417⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        418⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        419⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        420⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        421⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        422⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        423⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        424⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        425⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        426⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        427⤵
        System Location Discovery: System Language Discovery
        
        PID:10492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:10504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        429⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        430⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        431⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        432⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        433⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        434⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        435⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        436⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        437⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        438⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        439⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        440⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        441⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        442⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        443⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        444⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        445⤵
        System Location Discovery: System Language Discovery
        
        PID:10768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        446⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        447⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        448⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        449⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        450⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        451⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        452⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        453⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        454⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        455⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        456⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        457⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        458⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        459⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        460⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        461⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        462⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        463⤵
        System Location Discovery: System Language Discovery
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        464⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        465⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        466⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        467⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        468⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        469⤵
        System Location Discovery: System Language Discovery
        
        PID:11144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        470⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        471⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        472⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        473⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        474⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        475⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        476⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        477⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        478⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        479⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        480⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        481⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        482⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        483⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        484⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        485⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        486⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        487⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        488⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        489⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        490⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        491⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        492⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        493⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        494⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        495⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        496⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        497⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        498⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        499⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        500⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        501⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        502⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        503⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        504⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        505⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        506⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        507⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        508⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        509⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        510⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        511⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        512⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        513⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        514⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        515⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        516⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        517⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        518⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        519⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        520⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:11872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        522⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        523⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        524⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        525⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        526⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        527⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        528⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        529⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        530⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        531⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        532⤵
        System Location Discovery: System Language Discovery
        
        PID:12040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        533⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        534⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        535⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        536⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        537⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        538⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        539⤵
        System Location Discovery: System Language Discovery
        
        PID:12152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        540⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        541⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        542⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        543⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        544⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        545⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        546⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        547⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        548⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        549⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        550⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        551⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        552⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        553⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        554⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        555⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        556⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        557⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        558⤵
        System Location Discovery: System Language Discovery
        
        PID:12432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        559⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        560⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        561⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        562⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        563⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        564⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        565⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        566⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        567⤵
        System Location Discovery: System Language Discovery
        
        PID:12576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        568⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        569⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        570⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        571⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        572⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        573⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        574⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        575⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        576⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        577⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        578⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        579⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        580⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        581⤵
        System Location Discovery: System Language Discovery
        
        PID:12776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        582⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        583⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        584⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        585⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        586⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        587⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        588⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        589⤵
        System Location Discovery: System Language Discovery
        
        PID:12900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        590⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        591⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        592⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        593⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        594⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        595⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        596⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        597⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        598⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        599⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        600⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        601⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        602⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        603⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        604⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        605⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        606⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        607⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        608⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        609⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        610⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        611⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        612⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        613⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        614⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        615⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        616⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        617⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        618⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        619⤵
        
        PID:13336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        620⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        621⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        622⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        623⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        624⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        625⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        626⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        627⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        628⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        629⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        630⤵
        System Location Discovery: System Language Discovery
        
        PID:13508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        631⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        632⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        633⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        634⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        635⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        636⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        637⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        638⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        639⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        640⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        641⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        642⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        643⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        644⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        645⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        646⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        647⤵
        
        PID:13768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        648⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:13800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        650⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        651⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        652⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        653⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        654⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        655⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        656⤵
        
        PID:13908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        657⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        658⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        659⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        660⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        661⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        662⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        663⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        664⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        665⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        666⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        667⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        668⤵
        System Location Discovery: System Language Discovery
        
        PID:14084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        669⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        670⤵
        
        PID:14120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        671⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        672⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        673⤵
        
        PID:14164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        674⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        675⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        676⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        677⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        678⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        679⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        680⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        681⤵
        
        PID:14296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        682⤵
        
        PID:14308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        683⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        684⤵
        System Location Discovery: System Language Discovery
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        685⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        686⤵
        
        PID:14348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        687⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        688⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        689⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        690⤵
        System Location Discovery: System Language Discovery
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        691⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        692⤵
        
        PID:14444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        693⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        694⤵
        System Location Discovery: System Language Discovery
        
        PID:14476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        695⤵
        
        PID:14488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        696⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        697⤵
        
        PID:14516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        698⤵
        
        PID:14528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        699⤵
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        700⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        701⤵
        
        PID:14572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        702⤵
        
        PID:14584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        703⤵
        
        PID:14596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        704⤵
        
        PID:14612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        705⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        706⤵
        
        PID:14644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        707⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        708⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        709⤵
        
        PID:14692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        710⤵
        
        PID:14708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        711⤵
        
        PID:14724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        712⤵
        
        PID:14740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        713⤵
        System Location Discovery: System Language Discovery
        
        PID:14756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        714⤵
        
        PID:14772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        715⤵
        
        PID:14788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        716⤵
        
        PID:14804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        717⤵
        
        PID:14820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        718⤵
        
        PID:14836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        719⤵
        
        PID:14852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        720⤵
        
        PID:14864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        721⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        722⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        723⤵
        
        PID:14904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        724⤵
        
        PID:14920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        725⤵
        
        PID:14940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        726⤵
        
        PID:14956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        727⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        728⤵
        System Location Discovery: System Language Discovery
        
        PID:14988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        729⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        730⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        731⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        732⤵
        
        PID:15044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        733⤵
        System Location Discovery: System Language Discovery
        
        PID:15060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        734⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        735⤵
        
        PID:15088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        736⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        737⤵
        
        PID:15116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        738⤵
        
        PID:15132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        739⤵
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        740⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        741⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        742⤵
        
        PID:15188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        743⤵
        
        PID:15200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        744⤵
        
        PID:15220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        745⤵
        
        PID:15236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        746⤵
        
        PID:15252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        747⤵
        
        PID:15268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        748⤵
        
        PID:15284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        749⤵
        
        PID:15300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        750⤵
        
        PID:15316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        751⤵
        
        PID:15328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        752⤵
        
        PID:15344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        753⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        754⤵
        
        PID:15372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        755⤵
        
        PID:15388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        756⤵
        
        PID:15408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        757⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        758⤵
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        759⤵
        
        PID:15448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        760⤵
        System Location Discovery: System Language Discovery
        
        PID:15460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        761⤵
        
        PID:15476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        762⤵
        
        PID:15492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        763⤵
        
        PID:15508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        764⤵
        
        PID:15524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        765⤵
        
        PID:15536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        766⤵
        
        PID:15556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        767⤵
        
        PID:15568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        768⤵
        
        PID:15584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        769⤵
        
        PID:15596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        770⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        771⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        772⤵
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        773⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        774⤵
        System Location Discovery: System Language Discovery
        
        PID:15672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        775⤵
        
        PID:15688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        776⤵
        
        PID:15700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        777⤵
        
        PID:15716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        778⤵
        
        PID:15728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        779⤵
        System Location Discovery: System Language Discovery
        
        PID:15744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        780⤵
        System Location Discovery: System Language Discovery
        
        PID:15756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        781⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        782⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        783⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        784⤵
        
        PID:15820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        785⤵
        
        PID:15836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        786⤵
        
        PID:15848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        787⤵
        
        PID:15868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        788⤵
        
        PID:15880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        789⤵
        
        PID:15900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        790⤵
        
        PID:15916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        791⤵
        
        PID:15928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        792⤵
        
        PID:15944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        793⤵
        
        PID:15956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        794⤵
        
        PID:15972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        795⤵
        
        PID:15988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        796⤵
        
        PID:16004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        797⤵
        
        PID:16016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        798⤵
        
        PID:16032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        799⤵
        
        PID:16048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        800⤵
        
        PID:16064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        801⤵
        
        PID:16080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        802⤵
        
        PID:16096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        803⤵
        
        PID:16112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        804⤵
        
        PID:16128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        805⤵
        
        PID:16140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        806⤵
        
        PID:16156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        807⤵
        System Location Discovery: System Language Discovery
        
        PID:16172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        808⤵
        
        PID:16188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        809⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        810⤵
        
        PID:16220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        811⤵
        System Location Discovery: System Language Discovery
        
        PID:16236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        812⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        813⤵
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        814⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        815⤵
        
        PID:16296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        816⤵
        System Location Discovery: System Language Discovery
        
        PID:16316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        817⤵
        
        PID:16328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        818⤵
        
        PID:16344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        819⤵
        
        PID:16360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        820⤵
        
        PID:16376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        821⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        822⤵
        
        PID:544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        823⤵
        System Location Discovery: System Language Discovery
        
        PID:16388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        824⤵
        
        PID:16404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        825⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        826⤵
        
        PID:16436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        827⤵
        
        PID:16452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        828⤵
        
        PID:16464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        829⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        830⤵
        
        PID:16488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        831⤵
        
        PID:16500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        832⤵
        
        PID:16512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        833⤵
        
        PID:16528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        834⤵
        
        PID:16544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        835⤵
        
        PID:16556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        836⤵
        
        PID:16568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        837⤵
        
        PID:16584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        838⤵
        
        PID:16600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        839⤵
        
        PID:16616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        840⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        841⤵
        
        PID:16644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        842⤵
        
        PID:16656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        843⤵
        
        PID:16672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        844⤵
        
        PID:16688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        845⤵
        
        PID:16704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        846⤵
        
        PID:16724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        847⤵
        
        PID:16740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        848⤵
        
        PID:16756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        849⤵
        
        PID:16772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        850⤵
        
        PID:16788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        851⤵
        
        PID:16804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        852⤵
        
        PID:16820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        853⤵
        System Location Discovery: System Language Discovery
        
        PID:16832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        854⤵
        
        PID:16848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        855⤵
        
        PID:16864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        856⤵
        
        PID:16880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        857⤵
        
        PID:16896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        858⤵
        
        PID:16912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        859⤵
        
        PID:16928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        860⤵
        
        PID:16944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        861⤵
        
        PID:16956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        862⤵
        
        PID:16968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        863⤵
        
        PID:16984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        864⤵
        
        PID:17000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        865⤵
        
        PID:17012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        866⤵
        
        PID:17024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        867⤵
        
        PID:17040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        868⤵
        
        PID:17056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        869⤵
        
        PID:17072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        870⤵
        
        PID:17088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        871⤵
        
        PID:17104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        872⤵
        System Location Discovery: System Language Discovery
        
        PID:17120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        873⤵
        
        PID:17136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        874⤵
        
        PID:17152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        875⤵
        
        PID:17168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        876⤵
        
        PID:17184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac1e3ae93673911c7675f4d5773b2f8a_JaffaCakes118.dll,#1
        877⤵
        
        PID:17200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/17152-3-0x0000000075880000-0x0000000075B04000-memory.dmp

Filesize
2.5MB

Download
memory/17168-2-0x0000000075880000-0x0000000075B04000-memory.dmp

Filesize
2.5MB

Download
memory/17184-1-0x0000000075880000-0x0000000075B04000-memory.dmp

Filesize
2.5MB

Download