d72e35a1e85cba179dbcbf9aac7a32f7fc23aee105aa1b1272b45485fa7c7382

Analysis

max time kernel
138s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll
Size

96KB
MD5

ba5ab654b22183763de16aa755acbe66
SHA1

faad513bf0d2b129d5da079ebaeb9e1239f58cad
SHA256

d72e35a1e85cba179dbcbf9aac7a32f7fc23aee105aa1b1272b45485fa7c7382
SHA512

ddf16842006dddbe16ce196f4085b846ac2a55bcb2a3208697907e2cf97666b9176de816ed9db5dde94be64160a7579d8f2b942ff9884b373bbef2dde3d0e31f
SSDEEP

1536:EHRM6hy0j3buOF6XGDBJNoqqas51VvuhxxyqpNgLfM/Dmv8M:CR40TCOF6XGDu7as51V23YqpNefaM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3920	2984	rundll32.exe	84
PID 2984 wrote to memory of 3920	2984	rundll32.exe	84
PID 2984 wrote to memory of 3920	2984	rundll32.exe	84
PID 3920 wrote to memory of 2004	3920	rundll32.exe	85
PID 3920 wrote to memory of 2004	3920	rundll32.exe	85
PID 3920 wrote to memory of 2004	3920	rundll32.exe	85
PID 2004 wrote to memory of 3296	2004	rundll32.exe	86
PID 2004 wrote to memory of 3296	2004	rundll32.exe	86
PID 2004 wrote to memory of 3296	2004	rundll32.exe	86
PID 3296 wrote to memory of 5028	3296	rundll32.exe	87
PID 3296 wrote to memory of 5028	3296	rundll32.exe	87
PID 3296 wrote to memory of 5028	3296	rundll32.exe	87
PID 5028 wrote to memory of 1448	5028	rundll32.exe	88
PID 5028 wrote to memory of 1448	5028	rundll32.exe	88
PID 5028 wrote to memory of 1448	5028	rundll32.exe	88
PID 1448 wrote to memory of 4232	1448	rundll32.exe	89
PID 1448 wrote to memory of 4232	1448	rundll32.exe	89
PID 1448 wrote to memory of 4232	1448	rundll32.exe	89
PID 4232 wrote to memory of 2540	4232	rundll32.exe	90
PID 4232 wrote to memory of 2540	4232	rundll32.exe	90
PID 4232 wrote to memory of 2540	4232	rundll32.exe	90
PID 2540 wrote to memory of 3836	2540	rundll32.exe	91
PID 2540 wrote to memory of 3836	2540	rundll32.exe	91
PID 2540 wrote to memory of 3836	2540	rundll32.exe	91
PID 3836 wrote to memory of 3708	3836	rundll32.exe	92
PID 3836 wrote to memory of 3708	3836	rundll32.exe	92
PID 3836 wrote to memory of 3708	3836	rundll32.exe	92
PID 3708 wrote to memory of 2608	3708	rundll32.exe	93
PID 3708 wrote to memory of 2608	3708	rundll32.exe	93
PID 3708 wrote to memory of 2608	3708	rundll32.exe	93
PID 2608 wrote to memory of 1416	2608	rundll32.exe	94
PID 2608 wrote to memory of 1416	2608	rundll32.exe	94
PID 2608 wrote to memory of 1416	2608	rundll32.exe	94
PID 1416 wrote to memory of 2772	1416	rundll32.exe	95
PID 1416 wrote to memory of 2772	1416	rundll32.exe	95
PID 1416 wrote to memory of 2772	1416	rundll32.exe	95
PID 2772 wrote to memory of 740	2772	rundll32.exe	96
PID 2772 wrote to memory of 740	2772	rundll32.exe	96
PID 2772 wrote to memory of 740	2772	rundll32.exe	96
PID 740 wrote to memory of 4512	740	rundll32.exe	97
PID 740 wrote to memory of 4512	740	rundll32.exe	97
PID 740 wrote to memory of 4512	740	rundll32.exe	97
PID 4512 wrote to memory of 2028	4512	rundll32.exe	98
PID 4512 wrote to memory of 2028	4512	rundll32.exe	98
PID 4512 wrote to memory of 2028	4512	rundll32.exe	98
PID 2028 wrote to memory of 1752	2028	rundll32.exe	99
PID 2028 wrote to memory of 1752	2028	rundll32.exe	99
PID 2028 wrote to memory of 1752	2028	rundll32.exe	99
PID 1752 wrote to memory of 4016	1752	rundll32.exe	100
PID 1752 wrote to memory of 4016	1752	rundll32.exe	100
PID 1752 wrote to memory of 4016	1752	rundll32.exe	100
PID 4016 wrote to memory of 2396	4016	rundll32.exe	102
PID 4016 wrote to memory of 2396	4016	rundll32.exe	102
PID 4016 wrote to memory of 2396	4016	rundll32.exe	102
PID 2396 wrote to memory of 3384	2396	rundll32.exe	103
PID 2396 wrote to memory of 3384	2396	rundll32.exe	103
PID 2396 wrote to memory of 3384	2396	rundll32.exe	103
PID 3384 wrote to memory of 3136	3384	rundll32.exe	104
PID 3384 wrote to memory of 3136	3384	rundll32.exe	104
PID 3384 wrote to memory of 3136	3384	rundll32.exe	104
PID 3136 wrote to memory of 5024	3136	rundll32.exe	105
PID 3136 wrote to memory of 5024	3136	rundll32.exe	105
PID 3136 wrote to memory of 5024	3136	rundll32.exe	105
PID 5024 wrote to memory of 1204	5024	rundll32.exe	107

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3920
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3296
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5028
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:4232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:3836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:3708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        13⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:2396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:3384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:3136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:5024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        23⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        24⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        25⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        26⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        27⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        28⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        29⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        30⤵
        
        PID:840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        31⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        32⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        33⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        34⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        35⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        36⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        37⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        38⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        39⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        40⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        41⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        42⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        43⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        44⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        45⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        46⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        47⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        48⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        49⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        50⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        51⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        53⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        54⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        56⤵
        
        PID:228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        57⤵
        
        PID:704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        58⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        59⤵
        
        PID:532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        60⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        61⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        62⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        63⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        64⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        65⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        66⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        67⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        68⤵
        
        PID:624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        69⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        70⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        71⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        72⤵
        
        PID:804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        73⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        74⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        75⤵
        
        PID:552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        76⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        78⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        79⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        80⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        81⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        82⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        83⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        84⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        85⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        86⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        87⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        88⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        89⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        90⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        91⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        92⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        93⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        94⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        95⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        96⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        99⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        100⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        101⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        103⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        104⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        105⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        106⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        107⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        108⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        110⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        111⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        112⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        113⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        114⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        115⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        116⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        118⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        119⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        120⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        121⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        122⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        123⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        124⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        125⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        126⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        127⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:5780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        129⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        130⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        131⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        132⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        133⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        134⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        135⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        136⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        137⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        138⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        139⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        141⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        142⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        143⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        144⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        145⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        146⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        147⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        148⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        149⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        150⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        151⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:5692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        153⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        154⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        155⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        156⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        157⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        158⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        159⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        160⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        161⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        162⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        163⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        164⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        165⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        166⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        167⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        168⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        169⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        170⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        171⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        172⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        174⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        175⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:6504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        177⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        178⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        179⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        180⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        181⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        182⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        183⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        184⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        185⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        186⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        187⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        188⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        189⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        190⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        191⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        192⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        193⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        194⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        195⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        196⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        197⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        198⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        199⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        200⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        201⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        202⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        203⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        204⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        205⤵
        System Location Discovery: System Language Discovery
        
        PID:6960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        206⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        207⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        208⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        209⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        210⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        212⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        213⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        214⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        215⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        216⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        217⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        218⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        219⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        220⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        222⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        223⤵
        
        PID:432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        224⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        225⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        226⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        227⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        228⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        229⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        230⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        231⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        232⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        233⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        234⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        235⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        236⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        237⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        238⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        239⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        240⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        241⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        243⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        244⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        245⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        246⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        247⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        248⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        249⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        250⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        251⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        252⤵
        System Location Discovery: System Language Discovery
        
        PID:7576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        253⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        254⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        255⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        256⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        257⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        258⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        259⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        260⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        261⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        262⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        263⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        264⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        265⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        266⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        267⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        268⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        269⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        270⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        271⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        272⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        273⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        274⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        275⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        276⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        277⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        278⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        279⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        280⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        281⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        282⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        283⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        284⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        285⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        286⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        287⤵
        System Location Discovery: System Language Discovery
        
        PID:64
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        288⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        289⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        290⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        291⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        292⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        293⤵
        System Location Discovery: System Language Discovery
        
        PID:8264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        294⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        295⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        296⤵
        System Location Discovery: System Language Discovery
        
        PID:8304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        297⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        298⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        299⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        300⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        301⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        302⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        303⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        304⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        305⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        306⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        307⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        308⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        309⤵
        System Location Discovery: System Language Discovery
        
        PID:8496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        310⤵
        System Location Discovery: System Language Discovery
        
        PID:8512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        311⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        312⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        313⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        314⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        315⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        316⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        317⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        318⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        319⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        320⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        321⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        322⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        323⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        324⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        325⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        326⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        327⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        328⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        329⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        330⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        331⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        332⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        333⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        334⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        335⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        336⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        337⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        338⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        339⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        340⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        341⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        342⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        343⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        344⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        345⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        346⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        347⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        348⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        349⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        350⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        351⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        352⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        353⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        354⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        355⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        356⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        357⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        358⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        359⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        360⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        361⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        362⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        363⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        364⤵
        System Location Discovery: System Language Discovery
        
        PID:9344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        365⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        366⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        367⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        368⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        369⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        370⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        371⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        372⤵
        System Location Discovery: System Language Discovery
        
        PID:9500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        373⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        374⤵
        System Location Discovery: System Language Discovery
        
        PID:9528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        375⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        376⤵
        System Location Discovery: System Language Discovery
        
        PID:9560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        377⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        378⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        379⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        380⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        381⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        382⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        383⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        384⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        385⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        386⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        387⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        388⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        389⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        390⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        391⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        392⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        393⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        394⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        395⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        396⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        397⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        398⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        399⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        400⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        401⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        402⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        403⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        404⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        405⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        406⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        407⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        408⤵
        System Location Discovery: System Language Discovery
        
        PID:10056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        409⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        410⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        411⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        412⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        413⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        414⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        415⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        416⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        417⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        418⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        419⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        420⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        421⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        422⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        423⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        424⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        425⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        426⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        427⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        428⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        429⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        430⤵
        System Location Discovery: System Language Discovery
        
        PID:10388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        431⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        432⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        433⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        434⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        435⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        436⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        437⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        438⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        439⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        440⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        441⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        442⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        443⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        444⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        445⤵
        System Location Discovery: System Language Discovery
        
        PID:10624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        446⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        447⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        448⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        449⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        450⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        451⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        452⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        453⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        454⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        455⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        456⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        457⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        458⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        459⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        460⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        461⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        462⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        463⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        464⤵
        System Location Discovery: System Language Discovery
        
        PID:11048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        465⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        466⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        467⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        468⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        469⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        470⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        471⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        472⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        473⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        474⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        475⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        476⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        477⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        478⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        479⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        480⤵
        System Location Discovery: System Language Discovery
        
        PID:11288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        481⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        482⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        483⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        484⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        485⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        486⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        487⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        488⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        489⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        490⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        491⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        492⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        493⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        494⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        495⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        496⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        497⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        498⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        499⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        500⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        501⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        502⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        503⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        504⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        505⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        506⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        507⤵
        System Location Discovery: System Language Discovery
        
        PID:11700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        508⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        509⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        510⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        511⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        512⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        513⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        514⤵
        System Location Discovery: System Language Discovery
        
        PID:11804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        515⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        516⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        517⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        518⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        519⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        520⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:11916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        522⤵
        System Location Discovery: System Language Discovery
        
        PID:11932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        523⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        524⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        525⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        526⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        527⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        528⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        529⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        530⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        531⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        532⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        533⤵
        System Location Discovery: System Language Discovery
        
        PID:12092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        534⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        535⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        536⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        537⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        538⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        539⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        540⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        541⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        542⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        543⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        544⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        545⤵
        System Location Discovery: System Language Discovery
        
        PID:12284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        546⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        547⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        548⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        549⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        550⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        551⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        552⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        553⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        554⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        555⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        556⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        557⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        558⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        559⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        560⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        561⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        562⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        563⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        564⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        565⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        566⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        567⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        568⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        569⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        570⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        571⤵
        System Location Discovery: System Language Discovery
        
        PID:12692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        572⤵
        System Location Discovery: System Language Discovery
        
        PID:12708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        573⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        574⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        575⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        576⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        577⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        578⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        579⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        580⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        581⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        582⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        583⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        584⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        585⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        586⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        587⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        588⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        589⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        590⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        591⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        592⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        593⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        594⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        595⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        596⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        597⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        598⤵
        System Location Discovery: System Language Discovery
        
        PID:13148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        599⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        600⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        601⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        602⤵
        System Location Discovery: System Language Discovery
        
        PID:13212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        603⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        604⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        605⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        606⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        607⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        608⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        609⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        610⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        611⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        612⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        613⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        614⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        615⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        616⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        617⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        618⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        619⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        620⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        621⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        622⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        623⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        624⤵
        System Location Discovery: System Language Discovery
        
        PID:13464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        625⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        626⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        627⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        628⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        629⤵
        System Location Discovery: System Language Discovery
        
        PID:13548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        630⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        631⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        632⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        633⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        634⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        635⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        636⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        637⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        638⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        639⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        640⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        641⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        642⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        643⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        644⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        645⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        646⤵
        
        PID:13812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        647⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        648⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        649⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        650⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        651⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        652⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        653⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        654⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        655⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        656⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        657⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        658⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        659⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        660⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        661⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        662⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        663⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        664⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        665⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        666⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        667⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        668⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        669⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        670⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        671⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        672⤵
        
        PID:14200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        673⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        674⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        675⤵
        
        PID:14244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        676⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        677⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        678⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        679⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        680⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        681⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        682⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        683⤵
        
        PID:14348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        684⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        685⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        686⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        687⤵
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        688⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        689⤵
        
        PID:14436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        690⤵
        
        PID:14452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        691⤵
        
        PID:14464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        692⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        693⤵
        
        PID:14496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        694⤵
        
        PID:14512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        695⤵
        
        PID:14524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        696⤵
        
        PID:14536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        697⤵
        
        PID:14548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        698⤵
        
        PID:14560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        699⤵
        
        PID:14576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        700⤵
        
        PID:14592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        701⤵
        
        PID:14612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        702⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        703⤵
        
        PID:14644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        704⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        705⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        706⤵
        
        PID:14684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        707⤵
        
        PID:14700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        708⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        709⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        710⤵
        System Location Discovery: System Language Discovery
        
        PID:14744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        711⤵
        
        PID:14760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        712⤵
        
        PID:14772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        713⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        714⤵
        
        PID:14800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        715⤵
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        716⤵
        
        PID:14824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        717⤵
        
        PID:14840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        718⤵
        
        PID:14852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        719⤵
        
        PID:14868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        720⤵
        
        PID:14884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        721⤵
        
        PID:14896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        722⤵
        
        PID:14912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        723⤵
        
        PID:14928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        724⤵
        
        PID:14944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        725⤵
        
        PID:14960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        726⤵
        
        PID:14976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        727⤵
        
        PID:14992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        728⤵
        
        PID:15008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        729⤵
        
        PID:15024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        730⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        731⤵
        
        PID:15052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        732⤵
        System Location Discovery: System Language Discovery
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        733⤵
        
        PID:15076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        734⤵
        
        PID:15092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        735⤵
        
        PID:15108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        736⤵
        
        PID:15124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        737⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        738⤵
        
        PID:15156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        739⤵
        
        PID:15168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        740⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        741⤵
        
        PID:15204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        742⤵
        
        PID:15224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        743⤵
        
        PID:15240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        744⤵
        
        PID:15252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        745⤵
        
        PID:15264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        746⤵
        
        PID:15280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        747⤵
        
        PID:15296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        748⤵
        
        PID:15308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        749⤵
        
        PID:15320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        750⤵
        
        PID:15340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        751⤵
        
        PID:15356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        752⤵
        
        PID:15368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        753⤵
        
        PID:15384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        754⤵
        
        PID:15400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        755⤵
        
        PID:15416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        756⤵
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        757⤵
        
        PID:15444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        758⤵
        
        PID:15460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        759⤵
        
        PID:15472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        760⤵
        
        PID:15488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        761⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        762⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        763⤵
        
        PID:15532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        764⤵
        
        PID:15544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        765⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        766⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        767⤵
        
        PID:15592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        768⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        769⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        770⤵
        System Location Discovery: System Language Discovery
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        771⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        772⤵
        
        PID:15672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        773⤵
        
        PID:15684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        774⤵
        
        PID:15704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        775⤵
        
        PID:15720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        776⤵
        
        PID:15736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        777⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        778⤵
        System Location Discovery: System Language Discovery
        
        PID:15764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        779⤵
        
        PID:15780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        780⤵
        
        PID:15800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        781⤵
        
        PID:15816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        782⤵
        
        PID:15832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        783⤵
        
        PID:15848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        784⤵
        
        PID:15864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        785⤵
        
        PID:15876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        786⤵
        
        PID:15892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        787⤵
        
        PID:15908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        788⤵
        
        PID:15924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        789⤵
        
        PID:15936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        790⤵
        
        PID:15956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        791⤵
        
        PID:15972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        792⤵
        
        PID:15984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        793⤵
        
        PID:15996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        794⤵
        
        PID:16012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        795⤵
        
        PID:16028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        796⤵
        
        PID:16044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        797⤵
        
        PID:16060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        798⤵
        
        PID:16076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        799⤵
        
        PID:16088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        800⤵
        
        PID:16104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        801⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        802⤵
        
        PID:16136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        803⤵
        
        PID:16152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        804⤵
        
        PID:16168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        805⤵
        
        PID:16184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        806⤵
        
        PID:16200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        807⤵
        System Location Discovery: System Language Discovery
        
        PID:16216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        808⤵
        
        PID:16232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        809⤵
        
        PID:16244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        810⤵
        
        PID:16260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        811⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        812⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        813⤵
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        814⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        815⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        816⤵
        System Location Discovery: System Language Discovery
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        817⤵
        
        PID:16368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        818⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        819⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        820⤵
        System Location Discovery: System Language Discovery
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        821⤵
        
        PID:16400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        822⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        823⤵
        
        PID:16436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        824⤵
        
        PID:16452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        825⤵
        
        PID:16468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        826⤵
        
        PID:16484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        827⤵
        
        PID:16500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        828⤵
        
        PID:16516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        829⤵
        System Location Discovery: System Language Discovery
        
        PID:16532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        830⤵
        
        PID:16548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        831⤵
        
        PID:16564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        832⤵
        
        PID:16576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        833⤵
        
        PID:16592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        834⤵
        System Location Discovery: System Language Discovery
        
        PID:16604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        835⤵
        
        PID:16620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        836⤵
        
        PID:16632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        837⤵
        
        PID:16648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        838⤵
        
        PID:16664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        839⤵
        
        PID:16680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        840⤵
        
        PID:16696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        841⤵
        
        PID:16712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        842⤵
        
        PID:16728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        843⤵
        
        PID:16744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        844⤵
        
        PID:16760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        845⤵
        
        PID:16776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        846⤵
        
        PID:16792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        847⤵
        
        PID:16808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        848⤵
        
        PID:16820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        849⤵
        
        PID:16840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        850⤵
        
        PID:16856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        851⤵
        
        PID:16868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        852⤵
        
        PID:16884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        853⤵
        
        PID:16900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        854⤵
        
        PID:16916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        855⤵
        
        PID:16928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        856⤵
        
        PID:16940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        857⤵
        
        PID:16952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        858⤵
        
        PID:16968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        859⤵
        
        PID:16984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        860⤵
        
        PID:17004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        861⤵
        
        PID:17020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        862⤵
        System Location Discovery: System Language Discovery
        
        PID:17036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        863⤵
        
        PID:17052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        864⤵
        
        PID:17064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        865⤵
        
        PID:17076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        866⤵
        
        PID:17092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        867⤵
        
        PID:17104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        868⤵
        System Location Discovery: System Language Discovery
        
        PID:17116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        869⤵
        
        PID:17136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        870⤵
        
        PID:17148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        871⤵
        
        PID:17164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        872⤵
        
        PID:17176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        873⤵
        
        PID:17192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        874⤵
        
        PID:17208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        875⤵
        
        PID:17220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        876⤵
        
        PID:17236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        877⤵
        
        PID:17252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        878⤵
        System Location Discovery: System Language Discovery
        
        PID:17264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        879⤵
        
        PID:17284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        880⤵
        
        PID:17300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5ab654b22183763de16aa755acbe66_JaffaCakes118.dll,#1
        881⤵
        
        PID:17316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/17252-1-0x0000000074C90000-0x0000000074F14000-memory.dmp

Filesize
2.5MB

Download
memory/17264-0-0x0000000074C90000-0x0000000074F14000-memory.dmp

Filesize
2.5MB

Download