1652cf58cbce7737730146b1894ccd6c8b2bc29296037af06f95baee8138142c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll
Size

1.1MB
MD5

ad8f6aa4e08f36916ce855b1ec116c17
SHA1

7cbec2c6c5ac94e8d4b5c74413b70c96034d6dc6
SHA256

1652cf58cbce7737730146b1894ccd6c8b2bc29296037af06f95baee8138142c
SHA512

41e160cd9053c37a5b92859c5a613931986d3da1312e2472ec32834c27df713b593afd3b4c5c415b3a63dc786c9b6214e8bd6cd991bb696f71d098e104b4600f
SSDEEP

24576:dajWTL7RaYeLnapIKAw9Zx71izunS64XU3loGmmOXL9lIVaDg+:dajWTL7RaYeLnapIKAwDLizL64XKoGm/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 1756	2976	rundll32.exe	84
PID 2976 wrote to memory of 1756	2976	rundll32.exe	84
PID 2976 wrote to memory of 1756	2976	rundll32.exe	84
PID 1756 wrote to memory of 2236	1756	rundll32.exe	85
PID 1756 wrote to memory of 2236	1756	rundll32.exe	85
PID 1756 wrote to memory of 2236	1756	rundll32.exe	85
PID 2236 wrote to memory of 4648	2236	rundll32.exe	86
PID 2236 wrote to memory of 4648	2236	rundll32.exe	86
PID 2236 wrote to memory of 4648	2236	rundll32.exe	86
PID 4648 wrote to memory of 2540	4648	rundll32.exe	87
PID 4648 wrote to memory of 2540	4648	rundll32.exe	87
PID 4648 wrote to memory of 2540	4648	rundll32.exe	87
PID 2540 wrote to memory of 1000	2540	rundll32.exe	88
PID 2540 wrote to memory of 1000	2540	rundll32.exe	88
PID 2540 wrote to memory of 1000	2540	rundll32.exe	88
PID 1000 wrote to memory of 4468	1000	rundll32.exe	89
PID 1000 wrote to memory of 4468	1000	rundll32.exe	89
PID 1000 wrote to memory of 4468	1000	rundll32.exe	89
PID 4468 wrote to memory of 4532	4468	rundll32.exe	90
PID 4468 wrote to memory of 4532	4468	rundll32.exe	90
PID 4468 wrote to memory of 4532	4468	rundll32.exe	90
PID 4532 wrote to memory of 1912	4532	rundll32.exe	91
PID 4532 wrote to memory of 1912	4532	rundll32.exe	91
PID 4532 wrote to memory of 1912	4532	rundll32.exe	91
PID 1912 wrote to memory of 3288	1912	rundll32.exe	92
PID 1912 wrote to memory of 3288	1912	rundll32.exe	92
PID 1912 wrote to memory of 3288	1912	rundll32.exe	92
PID 3288 wrote to memory of 872	3288	rundll32.exe	93
PID 3288 wrote to memory of 872	3288	rundll32.exe	93
PID 3288 wrote to memory of 872	3288	rundll32.exe	93
PID 872 wrote to memory of 3120	872	rundll32.exe	94
PID 872 wrote to memory of 3120	872	rundll32.exe	94
PID 872 wrote to memory of 3120	872	rundll32.exe	94
PID 3120 wrote to memory of 4040	3120	rundll32.exe	95
PID 3120 wrote to memory of 4040	3120	rundll32.exe	95
PID 3120 wrote to memory of 4040	3120	rundll32.exe	95
PID 4040 wrote to memory of 4816	4040	rundll32.exe	96
PID 4040 wrote to memory of 4816	4040	rundll32.exe	96
PID 4040 wrote to memory of 4816	4040	rundll32.exe	96
PID 4816 wrote to memory of 5032	4816	rundll32.exe	97
PID 4816 wrote to memory of 5032	4816	rundll32.exe	97
PID 4816 wrote to memory of 5032	4816	rundll32.exe	97
PID 5032 wrote to memory of 1892	5032	rundll32.exe	98
PID 5032 wrote to memory of 1892	5032	rundll32.exe	98
PID 5032 wrote to memory of 1892	5032	rundll32.exe	98
PID 1892 wrote to memory of 4220	1892	rundll32.exe	99
PID 1892 wrote to memory of 4220	1892	rundll32.exe	99
PID 1892 wrote to memory of 4220	1892	rundll32.exe	99
PID 4220 wrote to memory of 3476	4220	rundll32.exe	100
PID 4220 wrote to memory of 3476	4220	rundll32.exe	100
PID 4220 wrote to memory of 3476	4220	rundll32.exe	100
PID 3476 wrote to memory of 1652	3476	rundll32.exe	101
PID 3476 wrote to memory of 1652	3476	rundll32.exe	101
PID 3476 wrote to memory of 1652	3476	rundll32.exe	101
PID 1652 wrote to memory of 2488	1652	rundll32.exe	102
PID 1652 wrote to memory of 2488	1652	rundll32.exe	102
PID 1652 wrote to memory of 2488	1652	rundll32.exe	102
PID 2488 wrote to memory of 1016	2488	rundll32.exe	104
PID 2488 wrote to memory of 1016	2488	rundll32.exe	104
PID 2488 wrote to memory of 1016	2488	rundll32.exe	104
PID 1016 wrote to memory of 2256	1016	rundll32.exe	105
PID 1016 wrote to memory of 2256	1016	rundll32.exe	105
PID 1016 wrote to memory of 2256	1016	rundll32.exe	105
PID 2256 wrote to memory of 2800	2256	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4648
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2540
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:4468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:1912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:3288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:4040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:5032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:4220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:3476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        19⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:2488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:1016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        22⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        23⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        24⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        25⤵
        
        PID:712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        26⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        27⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        29⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        30⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        31⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        32⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        33⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        34⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        35⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        36⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        37⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        38⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        39⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        40⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        41⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        42⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        43⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        44⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        45⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        46⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        47⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        48⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        49⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        50⤵
        
        PID:424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        51⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        52⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        53⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        54⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        55⤵
        
        PID:768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        56⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        57⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        58⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        59⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        60⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        61⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        62⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        63⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        64⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        65⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        66⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        67⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        68⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        69⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        70⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        71⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        72⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        73⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        74⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        75⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        76⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        77⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        78⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        79⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        80⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        81⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        82⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        83⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        84⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        85⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        86⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        87⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        88⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        89⤵
        
        PID:452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        90⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        92⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        93⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        94⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        95⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        96⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        97⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        98⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        99⤵
        
        PID:64
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        100⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        101⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        102⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        103⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        105⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        106⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        107⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        108⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        109⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        110⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        111⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        112⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        113⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        114⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        115⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        116⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        117⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        118⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        119⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        120⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        121⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        122⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        123⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        124⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        125⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        126⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        127⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        128⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        129⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        130⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        131⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        132⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        133⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        134⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        135⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        136⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        137⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        138⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        139⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        140⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        141⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        142⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        143⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        144⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        145⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        146⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        147⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        148⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        149⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        150⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        151⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        152⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        153⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        154⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        155⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        156⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        157⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        159⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        160⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        162⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        164⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        165⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        167⤵
        
        PID:232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        168⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        169⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        170⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        171⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        172⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        173⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        174⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        175⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        176⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        177⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        178⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        179⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        180⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        181⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        182⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        183⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        184⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        185⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        186⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        187⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        188⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        189⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        190⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        191⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        192⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        193⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        194⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        195⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        197⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        198⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        199⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        200⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        201⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        202⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        203⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        204⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        205⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        206⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        207⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        208⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        209⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        210⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        211⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        212⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        213⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        214⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        215⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        216⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        217⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        218⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        219⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        220⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        221⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        222⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        223⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        224⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        225⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        226⤵
        System Location Discovery: System Language Discovery
        
        PID:7060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        227⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        228⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        229⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        230⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        231⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        232⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        233⤵
        
        PID:640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        234⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        235⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        236⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        237⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        238⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        239⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        240⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        241⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        242⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        243⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        244⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        245⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        246⤵
        System Location Discovery: System Language Discovery
        
        PID:7248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        247⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        248⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        249⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        250⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        251⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        252⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        253⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        254⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        255⤵
        System Location Discovery: System Language Discovery
        
        PID:7392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        256⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        257⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        258⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        259⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        260⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        261⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        262⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        263⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        264⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        265⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        266⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        267⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        268⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        269⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        270⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        271⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        272⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        273⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        274⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        275⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        276⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        277⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        278⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        279⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        280⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        281⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        282⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        283⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        284⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        285⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        286⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        287⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        288⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        289⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        290⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        291⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        292⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        293⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        294⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        295⤵
        System Location Discovery: System Language Discovery
        
        PID:8000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        296⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        297⤵
        System Location Discovery: System Language Discovery
        
        PID:8032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        298⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        299⤵
        System Location Discovery: System Language Discovery
        
        PID:8068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        300⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        301⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        302⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        303⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        304⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        305⤵
        System Location Discovery: System Language Discovery
        
        PID:8164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        306⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:8196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        308⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        309⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        310⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        311⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        312⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        313⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        314⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        315⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        316⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        317⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        318⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        319⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        320⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        321⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        322⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        323⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        324⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        325⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        326⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        327⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        328⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        329⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        330⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        331⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        332⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        333⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        334⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        335⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        336⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        337⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        338⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        339⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        340⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        341⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        342⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        343⤵
        System Location Discovery: System Language Discovery
        
        PID:8740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        344⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        345⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        346⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        347⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        348⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        349⤵
        System Location Discovery: System Language Discovery
        
        PID:8836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        350⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        351⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        352⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        353⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        354⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        355⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        356⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        357⤵
        System Location Discovery: System Language Discovery
        
        PID:8960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        358⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        359⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        360⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        361⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        362⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        363⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        364⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        365⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        366⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        367⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        368⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        369⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        370⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        371⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        372⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        373⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        374⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        375⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        376⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        377⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        378⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        379⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        380⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        381⤵
        System Location Discovery: System Language Discovery
        
        PID:9320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        382⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        383⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        384⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        385⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        386⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        387⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        388⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        389⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        390⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        391⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        392⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        393⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        394⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        395⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        396⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        397⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        398⤵
        System Location Discovery: System Language Discovery
        
        PID:9584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        399⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        400⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        401⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        402⤵
        System Location Discovery: System Language Discovery
        
        PID:9648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        403⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        404⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        405⤵
        System Location Discovery: System Language Discovery
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        406⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        407⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        408⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        409⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        410⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        411⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        412⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        413⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        414⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        415⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        416⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        417⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        418⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        419⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        420⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        421⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        422⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        423⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        424⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        425⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        426⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        427⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        428⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        429⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        430⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        431⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        432⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        433⤵
        System Location Discovery: System Language Discovery
        
        PID:10116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        434⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        435⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        436⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        437⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        438⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        439⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        440⤵
        System Location Discovery: System Language Discovery
        
        PID:10220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        441⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        442⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        443⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        444⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        445⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        446⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        447⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        448⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        449⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        450⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        451⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        452⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        453⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        454⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        455⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        456⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        457⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        458⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        459⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        460⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        461⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        462⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        463⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        464⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        465⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        466⤵
        System Location Discovery: System Language Discovery
        
        PID:10620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        467⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        468⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        469⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        470⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        471⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        472⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        473⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        474⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        475⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        476⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        477⤵
        System Location Discovery: System Language Discovery
        
        PID:10792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        478⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        479⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        480⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        481⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        482⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        483⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        484⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        485⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        486⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        487⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        488⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        489⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        490⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        491⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        492⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        493⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        494⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        495⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        496⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        497⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        498⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        499⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        500⤵
        System Location Discovery: System Language Discovery
        
        PID:11144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        501⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        502⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        503⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        504⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        505⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        506⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        507⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        508⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        509⤵
        System Location Discovery: System Language Discovery
        
        PID:11280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        510⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        511⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        512⤵
        System Location Discovery: System Language Discovery
        
        PID:11324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        513⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        514⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        515⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        516⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        517⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        518⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        519⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        520⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        521⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        522⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        523⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        524⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        525⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        526⤵
        System Location Discovery: System Language Discovery
        
        PID:11516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        527⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        528⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        529⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        530⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        531⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        532⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        533⤵
        System Location Discovery: System Language Discovery
        
        PID:11620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        534⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        535⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        536⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        537⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        538⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        539⤵
        System Location Discovery: System Language Discovery
        
        PID:11720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        540⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        541⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        542⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        543⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        544⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        545⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        546⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        547⤵
        System Location Discovery: System Language Discovery
        
        PID:11880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        548⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        549⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        550⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        551⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        552⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        553⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        554⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        555⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        556⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        557⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        558⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        559⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        560⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        561⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        562⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        563⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        564⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        565⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        566⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        567⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        568⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        569⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        570⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        571⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        572⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        573⤵
        System Location Discovery: System Language Discovery
        
        PID:12280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        574⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        575⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        576⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        577⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        578⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        579⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        580⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        581⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        582⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        583⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        584⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        585⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        586⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        587⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        588⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        589⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        590⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        591⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        592⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        593⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        594⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        595⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        596⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        597⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        598⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        599⤵
        System Location Discovery: System Language Discovery
        
        PID:12812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        600⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        601⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        602⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        603⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        604⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        605⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        606⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        607⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        608⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        609⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        610⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        611⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        612⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        613⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        614⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        615⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        616⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        617⤵
        System Location Discovery: System Language Discovery
        
        PID:13116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        618⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        619⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        620⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        621⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        622⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        623⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        624⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        625⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        626⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        627⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        628⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        629⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        630⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        631⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        632⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        633⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        634⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        635⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        636⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        637⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        638⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        639⤵
        System Location Discovery: System Language Discovery
        
        PID:13444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        640⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        641⤵
        System Location Discovery: System Language Discovery
        
        PID:13472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        642⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        643⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        644⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        645⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        646⤵
        System Location Discovery: System Language Discovery
        
        PID:13552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        647⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        648⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:13600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        650⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        651⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        652⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        653⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        654⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        655⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        656⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        657⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        658⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        659⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        660⤵
        
        PID:13768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        661⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        662⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        663⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        664⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        665⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        666⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        667⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        668⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        669⤵
        
        PID:13904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        670⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        671⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        672⤵
        System Location Discovery: System Language Discovery
        
        PID:13948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        673⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        674⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        675⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        676⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        677⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        678⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        679⤵
        System Location Discovery: System Language Discovery
        
        PID:14060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        680⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        681⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        682⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        683⤵
        System Location Discovery: System Language Discovery
        
        PID:14120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        684⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        685⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        686⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        687⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        688⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        689⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        690⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        691⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        692⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        693⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        694⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        695⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        696⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        697⤵
        System Location Discovery: System Language Discovery
        
        PID:14344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        698⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        699⤵
        
        PID:14376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        700⤵
        
        PID:14392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        701⤵
        
        PID:14408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        702⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        703⤵
        
        PID:14440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        704⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        705⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        706⤵
        
        PID:14504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        707⤵
        
        PID:14544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        708⤵
        
        PID:14560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        709⤵
        
        PID:14576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        710⤵
        
        PID:14592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        711⤵
        
        PID:14608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        712⤵
        
        PID:14624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        713⤵
        
        PID:14640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        714⤵
        
        PID:14656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        715⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        716⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        717⤵
        
        PID:14700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        718⤵
        System Location Discovery: System Language Discovery
        
        PID:14720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        719⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        720⤵
        
        PID:14748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        721⤵
        
        PID:14764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        722⤵
        
        PID:14780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        723⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        724⤵
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        725⤵
        
        PID:14828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        726⤵
        
        PID:14844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        727⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        728⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        729⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        730⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        731⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        732⤵
        
        PID:14940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        733⤵
        
        PID:14956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        734⤵
        
        PID:14968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        735⤵
        
        PID:14988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        736⤵
        
        PID:15004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        737⤵
        
        PID:15020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        738⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        739⤵
        
        PID:15052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        740⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        741⤵
        
        PID:15080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        742⤵
        
        PID:15092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        743⤵
        System Location Discovery: System Language Discovery
        
        PID:15108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        744⤵
        
        PID:15120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        745⤵
        
        PID:15132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        746⤵
        
        PID:15152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        747⤵
        
        PID:15168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        748⤵
        
        PID:15184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        749⤵
        
        PID:15200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        750⤵
        
        PID:15212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        751⤵
        
        PID:15228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        752⤵
        
        PID:15244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        753⤵
        
        PID:15260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        754⤵
        
        PID:15272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        755⤵
        
        PID:15288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        756⤵
        
        PID:15304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        757⤵
        
        PID:15316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        758⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        759⤵
        
        PID:15352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        760⤵
        
        PID:15364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        761⤵
        
        PID:15376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        762⤵
        
        PID:15392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        763⤵
        
        PID:15408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        764⤵
        
        PID:15424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        765⤵
        
        PID:15440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        766⤵
        
        PID:15452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        767⤵
        System Location Discovery: System Language Discovery
        
        PID:15468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        768⤵
        
        PID:15484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        769⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        770⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        771⤵
        
        PID:15532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        772⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        773⤵
        
        PID:15564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        774⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        775⤵
        
        PID:15592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        776⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        777⤵
        System Location Discovery: System Language Discovery
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        778⤵
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        779⤵
        
        PID:15652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        780⤵
        
        PID:15668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        781⤵
        
        PID:15680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        782⤵
        System Location Discovery: System Language Discovery
        
        PID:15700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        783⤵
        
        PID:15712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        784⤵
        
        PID:15728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        785⤵
        
        PID:15744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        786⤵
        
        PID:15760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        787⤵
        
        PID:15776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        788⤵
        
        PID:15792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        789⤵
        
        PID:15808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        790⤵
        
        PID:15824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        791⤵
        
        PID:15840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        792⤵
        
        PID:15856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        793⤵
        
        PID:15868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        794⤵
        
        PID:15880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        795⤵
        
        PID:15892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        796⤵
        
        PID:15904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        797⤵
        
        PID:15920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        798⤵
        
        PID:15932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        799⤵
        
        PID:15952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        800⤵
        
        PID:15968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        801⤵
        
        PID:15980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        802⤵
        System Location Discovery: System Language Discovery
        
        PID:15996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        803⤵
        
        PID:16012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        804⤵
        
        PID:16032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        805⤵
        
        PID:16048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        806⤵
        
        PID:16064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        807⤵
        
        PID:16084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        808⤵
        
        PID:16100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        809⤵
        
        PID:16124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        810⤵
        
        PID:16140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        811⤵
        System Location Discovery: System Language Discovery
        
        PID:16156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        812⤵
        
        PID:16168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        813⤵
        
        PID:16180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        814⤵
        
        PID:16196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        815⤵
        
        PID:16212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        816⤵
        
        PID:16228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        817⤵
        
        PID:16244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        818⤵
        
        PID:16260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        819⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        820⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        821⤵
        System Location Discovery: System Language Discovery
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        822⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        823⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        824⤵
        
        PID:16352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        825⤵
        
        PID:16368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        826⤵
        
        PID:16380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        827⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        828⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        829⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        830⤵
        
        PID:16392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        831⤵
        
        PID:16412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        832⤵
        
        PID:16452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        833⤵
        
        PID:16496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        834⤵
        
        PID:16520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        835⤵
        
        PID:16556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        836⤵
        
        PID:16596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        837⤵
        
        PID:16612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        838⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        839⤵
        
        PID:16644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        840⤵
        
        PID:16660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        841⤵
        
        PID:16676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        842⤵
        
        PID:16704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        843⤵
        
        PID:16720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        844⤵
        
        PID:16732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        845⤵
        
        PID:16748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        846⤵
        
        PID:16760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        847⤵
        
        PID:16772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        848⤵
        
        PID:16788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        849⤵
        
        PID:16808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        850⤵
        
        PID:16824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        851⤵
        
        PID:16836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        852⤵
        
        PID:16852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        853⤵
        
        PID:16868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        854⤵
        
        PID:16884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        855⤵
        
        PID:16896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        856⤵
        
        PID:16912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        857⤵
        
        PID:16924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        858⤵
        
        PID:16940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        859⤵
        
        PID:16956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        860⤵
        System Location Discovery: System Language Discovery
        
        PID:16968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        861⤵
        
        PID:16988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        862⤵
        
        PID:17000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        863⤵
        
        PID:17020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        864⤵
        
        PID:17036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        865⤵
        
        PID:17052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        866⤵
        
        PID:17068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        867⤵
        
        PID:17084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        868⤵
        
        PID:17096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        869⤵
        
        PID:17112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        870⤵
        
        PID:17132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        871⤵
        
        PID:17144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        872⤵
        System Location Discovery: System Language Discovery
        
        PID:17160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        873⤵
        
        PID:17172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        874⤵
        
        PID:17188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        875⤵
        
        PID:17204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        876⤵
        
        PID:17224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8f6aa4e08f36916ce855b1ec116c17_JaffaCakes118.dll,#1
        877⤵
        
        PID:17240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...